Pages like vxvault, malekal, malc0de and so on...are costantly bot-scanned to fastly add new malwares into virus db. That's why it can't rapresent a realworld scenario. It's like having all malwares on a stage and antivirus are only saying "you are a malware, you also, you, you and you". In short words, you can't test a product on those pages, because those pages are costanlty monitored, to test a product you should crawl the web and take malwares samples from many sources, like email attachments, like fake program cracks (Gandcrab ransomware had this diffusion method also) and so on.