
Hi list,

During the next days, I'm planning to analyze some suspicious traffic that I collected during an execution of malware. One of my goals is to retrieve additional information for every IP address that is in that traffic. For this, I believe that the whois data is a very valuable source of information. However, I realize that I should not overdo it in performing whois queries to RIPE (and RIR databases in general). I expect to query the database ~ 20,000 times per day.

Here comes my problem: According to the RIPE policy, I am allowed to query the database even frequently. At the same time, one should avoid querying personal data too often. I am trying now to find a program (e.g., jwhois, the 'usual' UNIX whois client, with some weird parameters) that allows me to comply with the RIPE policies. For my convenience, if I can somehow avoid it, I'd rather use the online database instead of syncing it and performing requests locally.

In addition, I checked the whois usage policies of other RIRs. Admittedly, RIPE has got by far the most transparent ones! Others don't give explicit limits in their usage, and I have to hope that I won't be blocked when using whois extensively.

Would you please share your experiences, and maybe even give hints about a 'correct' usage of a whois client?

Thanks in advance,
Chris
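One way to keep the query volume and the personal-data lookups described in the message above low, as an added example that is not part of the original post: a throttled client that sends the RIPE `-r` flag (no referenced contact objects) and reuses an answer for every later address inside the returned `inetnum` range. The names `ripe_lookup`, `parse_inetnum`, `WhoisCache` and the one-second interval are assumptions for illustration, and the sample response is constructed.

```python
import ipaddress
import socket
import time

# Constructed response (documentation range), standing in for the server offline.
SAMPLE = "inetnum:        192.0.2.0 - 192.0.2.255\nnetname:        EXAMPLE-NET\n"

def ripe_lookup(ip, server="whois.ripe.net"):
    """Port-43 query; -r switches off lookups of referenced contact objects."""
    query = f"-r {ipaddress.ip_address(ip)}\r\n"  # validate before sending
    with socket.create_connection((server, 43), timeout=15) as s:
        s.sendall(query.encode("ascii"))
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def parse_inetnum(text):
    """Return (first, last) from the first 'inetnum:' line, or None."""
    for line in text.splitlines():
        if line.lower().startswith("inetnum:"):
            first, _, last = line.split(":", 1)[1].partition("-")
            return (ipaddress.ip_address(first.strip()),
                    ipaddress.ip_address(last.strip()))
    return None

class WhoisCache:
    # Trade-off: an address in a more specific nested assignment is answered
    # from the covering range if that range was cached first.
    def __init__(self, lookup=ripe_lookup, min_interval=1.0):
        self.lookup, self.min_interval = lookup, min_interval
        self.by_ip, self.ranges = {}, []
        self.sent, self._last = 0, 0.0

    def query(self, ip):
        addr = ipaddress.ip_address(ip)
        if addr in self.by_ip:                      # exact repeat
            return self.by_ip[addr]
        for first, last, text in self.ranges:       # inetnum is IPv4 only
            if first.version == addr.version and first <= addr <= last:
                return text
        delay = self._last + self.min_interval - time.monotonic()
        if delay > 0:
            time.sleep(delay)                       # space out real queries
        text = self.lookup(str(addr))
        self._last, self.sent = time.monotonic(), self.sent + 1
        self.by_ip[addr] = text
        rng = parse_inetnum(text)
        if rng:
            self.ranges.append((*rng, text))
        return text
```

`WhoisCache().query(ip)` uses the live server; the `sent` counter shows how many queries actually left the machine, which is the number to compare against a daily budget.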