diff --git a/clusters/malpedia.json b/clusters/malpedia.json
index 29d50a2..71dfe47 100644
--- a/clusters/malpedia.json
+++ b/clusters/malpedia.json
@@ -7048,7 +7048,6 @@
 "https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf",
 "https://blog.aquasec.com/teamtnt-campaign-against-docker-kubernetes-environment",
 "https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-exposing-malware-in-linux-based-multi-cloud-environments.pdf",
- "https://malpedia.caad.fkie.fraunhofer.de/details/elf.teamtnt",
 "https://www.cadosecurity.com/teamtnt-script-employed-to-grab-aws-credentials/",
 "https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera",
 "https://www.cadosecurity.com/post/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials",
@@ -11695,7 +11694,6 @@
 "description": "",
 "meta": {
 "refs": [
- "https://malpedia.caad.fkie.fraunhofer.de/details/py.pyaesloader",
 "https://malpedia.caad.fkie.fraunhofer.de/details/py.pyaesloader"
 ],
 "synonyms": [],
@@ -11847,7 +11845,6 @@
 "description": "",
 "meta": {
 "refs": [
- "https://malpedia.caad.fkie.fraunhofer.de/details/py.unidentified_002",
 "https://malpedia.caad.fkie.fraunhofer.de/details/py.unidentified_002"
 ],
 "synonyms": [],
@@ -11860,7 +11857,6 @@
 "description": "",
 "meta": {
 "refs": [
- "https://malpedia.caad.fkie.fraunhofer.de/details/py.unidentified_003",
 "https://malpedia.caad.fkie.fraunhofer.de/details/py.unidentified_003"
 ],
 "synonyms": [],
@@ -22169,7 +22165,6 @@
 "https://malcat.fr/blog/exploit-steganography-and-delphi-unpacking-dbatloader/",
 "https://www.netskope.com/blog/dbatloader-abusing-discord-to-deliver-warzone-rat",
 "https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4",
- "https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader",
 "https://www.zscaler.com/blogs/security-research/dbatloader-actively-distributing-malwares-targeting-european-businesses",
 "https://securityintelligence.com/posts/email-campaigns-leverage-updated-dbatloader-deliver-rats-stealers/",
 "https://blog.vincss.net/2020/09/re016-malware-analysis-modiloader-eng.html",
@@ -25523,7 +25518,6 @@
 "description": "FastLoader is a small .NET downloader, which name comes from PDB strings seen in samples. It typically downloads TrickBot. It may create a list of processes and uploads it together with screenshot(s). In more recent versions, it employs simple anti-analysis checks (VM detection) and comes with string obfuscations. \r\n",
 "meta": {
 "refs": [
- "https://malpedia.caad.fkie.fraunhofer.de/details/win.fastloader",
 "https://malpedia.caad.fkie.fraunhofer.de/details/win.fastloader"
 ],
 "synonyms": [],
@@ -28033,8 +28027,7 @@
 "https://cert.gov.ua/article/38374",
 "https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/",
 "https://businessinsights.bitdefender.com/deep-dive-into-the-elephant-framework-a-new-cyber-threat-in-ukraine",
- "https://cip.gov.ua/en/news/khto-stoyit-za-kiberatakami-na-ukrayinsku-kritichnu-informaciinu-infrastrukturu-statistika-15-22-bereznya",
- "https://malpedia.caad.fkie.fraunhofer.de/details/win.graphsteel"
+ "https://cip.gov.ua/en/news/khto-stoyit-za-kiberatakami-na-ukrayinsku-kritichnu-informaciinu-infrastrukturu-statistika-15-22-bereznya"
 ],
 "synonyms": [],
 "type": []
@@ -30075,7 +30068,6 @@
 "description": "",
 "meta": {
 "refs": [
- "https://malpedia.caad.fkie.fraunhofer.de/details/win.icyheart",
 "https://malpedia.caad.fkie.fraunhofer.de/details/win.icyheart"
 ],
 "synonyms": [
@@ -31774,7 +31766,6 @@
 "description": "KleptoParasite Stealer is advertised on Hackforums as a noob-friendly stealer. It is modular and comes with a IP retriever module, a Outlook stealer (32bit/64bit) and a Chrome/Firefox stealer (32bit/64bit). Earlier versions come bundled (loader plus modules), newer versions come with a loader (167k) that grabs the modules.\r\n\r\nPDB-strings suggest a relationship to JogLog v6 and v7.",
 "meta": {
 "refs": [
- "https://malpedia.caad.fkie.fraunhofer.de/details/win.kleptoparasite_stealer",
 "https://malpedia.caad.fkie.fraunhofer.de/details/win.kleptoparasite_stealer"
 ],
 "synonyms": [
@@ -45960,7 +45951,6 @@
 "https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf",
 "https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html",
 "https://otx.alienvault.com/pulse/5fd10760f9afb730d37c4742/",
- "https://malpedia.caad.fkie.fraunhofer.de/details/win.sidewinder",
 "https://s.tencent.com/research/report/479.html",
 "https://s.tencent.com/research/report/659.html",
 "https://medium.com/@Sebdraven/apt-sidewinder-tricks-powershell-anti-forensics-and-execution-side-loading-5bc1a7e7c84c",