diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index bdd3b7b..0cf072d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -396,7 +396,6 @@
         ],
         "country": "CN",
         "refs": [
-          "http://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/",
           "http://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/"
         ]
       },
@@ -986,7 +985,6 @@
         "country": "RU",
         "refs": [
           "https://en.wikipedia.org/wiki/Carbanak",
-          "https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor",
           "https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf",
           "http://2014.zeronights.ru/assets/files/slides/ivanovb-zeronights.pdf",
           "https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks",
@@ -1398,7 +1396,6 @@
     {
       "meta": {
         "refs": [
-          "http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/",
           "https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html",
           "http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/",
           "http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/",