Suricata

threatexpert.com is no longer resolving. Quick look at passive dns data shows this stopped on or around 2020-03-13.

there are currently two usages of threatexpert.com in the reference.config

config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
config reference: md5        http://www.threatexpert.com/report.aspx?md5=

WRT the "threatexpert" reference type, I'm not too sure how to handle the "threatexpert" reference type, given it's possible to be used in current rules, and removing it from the reference.config would render those rules invalid.
It would appear the ETPRO ruleset does not contain any references to the "threatexpert" reference type.

WRT md5 reference type, I imagine this could be changed to either virustotal (https://www.virustotal.com/gui/search/) or malware bazaar (https://bazaar.abuse.ch/browse.php?search=md5%3A)