diff --git a/clusters/malpedia.json b/clusters/malpedia.json
index 42f230d..6b59fe9 100644
--- a/clusters/malpedia.json
+++ b/clusters/malpedia.json
@@ -406,7 +406,6 @@
         "refs": [
           "https://malpedia.caad.fkie.fraunhofer.de/details/apk.marcher",
           "https://www.zscaler.de/blogs/research/android-marcher-continuously-evolving-mobile-malware",
-          "https://www.zscaler.de/blogs/research/android-marcher-continuously-evolving-mobile-malware",
           "https://www.clientsidedetection.com/marcher.html",
           "https://www.clientsidedetection.com/exobot_v2_update___staying_ahead_of_the_competition.html"
         ]
@@ -1881,7 +1880,6 @@
         "refs": [
           "https://malpedia.caad.fkie.fraunhofer.de/details/osx.bella",
           "https://blog.malwarebytes.com/threat-analysis/2017/05/another-osx-dok-dropper-found-installing-new-backdoor/",
-          "https://github.com/kai5263499/Bella",
           "https://github.com/kai5263499/Bella"
         ]
       },
@@ -3782,8 +3780,7 @@
           "http://resources.infosecinstitute.com/beta-bot-analysis-part-1/#gref",
           "https://www.arbornetworks.com/blog/asert/beta-bot-a-code-review/",
           "https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/BetaBot.pdf?la=en",
-          "http://www.malwaredigger.com/2013/09/how-to-extract-betabot-config-info.html",
-          "https://medium.com/@woj_ciech/betabot-still-alive-with-multi-stage-packing-fbe8ef211d39"
+          "http://www.malwaredigger.com/2013/09/how-to-extract-betabot-config-info.html"
         ]
       },
       "uuid": "837c5618-69dc-4817-8672-b3d7ae644f5c",
@@ -4124,7 +4121,6 @@
           "https://malpedia.caad.fkie.fraunhofer.de/details/win.bundestrojaner",
           "http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf",
           "http://www.stoned-vienna.com/analysis-of-german-bundestrojaner.html",
-          "https://www.f-secure.com/weblog/archives/00002249.html",
           "https://www.f-secure.com/weblog/archives/00002249.html"
         ]
       },
@@ -12748,7 +12744,6 @@
           "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/",
           "https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/",
           "http://www.welivesecurity.com/2015/07/10/sednit-apt-group-meets-hacking-team/",
-          "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/",
           "https://www.welivesecurity.com/2017/05/09/sednit-adds-two-zero-day-exploits-using-trumps-attack-syria-decoy/",
           "https://blog.xpnsec.com/apt28-hospitality-malware-part-2/",
           "https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html",
@@ -15752,8 +15747,7 @@
         "type": [],
         "refs": [
           "https://malpedia.caad.fkie.fraunhofer.de/details/win.zeroevil",
-          "https://www.blueliv.com/blog-news/research/ars-loader-evolution-zeroevil-ta545-airnaine/",
-          "https://malpedia.caad.fkie.fraunhofer.de/details/win.zeroevil"
+          "https://www.blueliv.com/blog-news/research/ars-loader-evolution-zeroevil-ta545-airnaine/"
         ]
       },
       "uuid": "585f9f75-1239-4561-8815-c5ae033053a1",