When I went to https://www.blender.org/download/ to get Blender 5.1.1 (choosing the ZIP file option in the dropdown) I was directed to a site called https://mirrors.cicku.me/blender/release… This is the first time I have seen or heard of “cicku.me”. Its odd name, domain, and appearance look exactly like a dangerous scam site, so please can anyone confirm that this is a safe and legitimate mirror site for downloading Blender?
2 Likes
AFAIK blender.org has no mirrors… like for some linux distributions; also expect only for those and “steam” there is only the original blender.org for downloading blender…
So even if i’m on linux a quick check downloaded the windows zip for me…
Do not trust, it sounds like a scam.
Check your system for virus and spyware.
I get the same thing. I also haven’t seen it before, but looking over it, it seems legit. It’s a webhosting / mirroring backend for distributing server load. They are somewhat sketchily branded, but it seems like they also provide services that allow people under restrictive regimes to access a less restricted web, so they’re not super forthcoming about their home address and who they are. Their github page shows them contributing code to cloudflare, which tracks with the other things I was seeing on the website…
I’m no expert, but it doesn’t seem like a problem to me, so take that for what it is worth.
1 Like
I can download directly from B org
It’s like a link I’ve never seen before?
However, the file configuration seems to be the same as Direct Download in the blender. 
If you’re suspicious, don’t download it.
Add…
I checked one file and it seems to be the same as the official download file.
if you want to be sure, you can download the SHA256 file from here:
https://download.blender.org/release/Blender5.1/
Running the certutil function generates a hash from the downloaded file
and compare the hash of the cicku version to the one downloaded directly from blender.org:
Same hash same file. It is just a mirror to distribute downloading more effectively.
Skepticism is good, but knowledge displaces fear. Learning some tips on identifying and validating information is a valuable skill, which is easily attainable. I just learned how to do this 30 minutes ago to answer this question, and now I can definitively say that the files downloaded from cicku.me are safe and valid.
1 Like
I followed the link you posted and get this hidden message (moving the mouse over the screen.)
I would not trust that site.
Unfortunately, you don’t really have a choice, the Blender Foundation doesn’t let you choose your download mirror. If you must have a shiny new version of Blender, it’s probably going to come from this site. Source: I’ve downloaded from blender.org and it mirrored from cicku.me
It might be a localization thing, is this all from users in the US?
OP’s internet is from the UK, so no, unless it’s a US/West Europe type localization
1 Like
They are explicitly working on tools to bypass chinese internet censorship and the great firewall of china, so it’s probably safe to assume they have an anti-establishment streak. Again, if you have concerns with file safety, you can verify the integrity of their files. If you have concern with the morality of a programmer that might hide a secret hashtag on their website, that’s not really a cybersecurity concern.
1 Like
Thank you for all your research on my behalf. For many years I have always downloaded the zip version and it has always “just worked” and been provided by a clearly legitimate download site. It is sad if the Blender web team has decided to go with this dodgy-looking cicku site, as it diminishes trust in open-source software. BTW, I am downloading from the UK.
I don’t think they’re all the same.
When I download it, I can download it without moving the link.
If it’s a matter of trust in the link, try the attached link.
This morning I tried it again, and cicku does not appear. How strange. I get a direct download from downloads.blender.org, as expected! Happy to download it now.
1 Like
I would really like to hear from the Foundation on this.
@Harley ? @dr.Sybren ? Can anyone clarify what is going on?
I don’t know anything official about this (or anything, LOL).
But I am used to Blender using mirrors for downloading binaries for many years. I live in Canada and sometimes the one I get has been excruciating slow and have had to cancel and try another.
Does this one look and sound dodgy? If guess anything can look and sound dodgy if you try hard, and consider the name “funny” for some reason, and not just a guy’s username (Christopher Meng).
But this one is specifically a high-speed mirror repository specializing in Linux distributions. Its used all over the place. I’m just glad that there are people like this that step up in order to save Blender money.
2 Likes
Again, I understand skepticism, but skepticism in the face of clear evidence is not a defensible position.
Cicku.me is a legitimate download mirror, providing files that are as safe and reliable as those provided directly from blender.org.
They may not have a fully polished aesthetic, and they may present in ways that are unfamiliar, but taking some time to assess their trustworthiness is a much better course of action than cowering in fear. Knowledge replaces fear, and if you refuse to allow knowledge in, then you are fostering a home in your heart for fear.
Be cautious and careful, but don’t hold ignorance up on a throne. If you are smart enough to download and use blender, you are smart enough to do some googling, do some research, and do some fact checking.
1 Like
Yes, but it doesn’t seem irrational to me to ask fellow potential experts on the matter where they gather. 
It’s scary out there and feeling uneasy about things like this is understandable, depending on one’s knowledge.
We all learn.
But yes, panic isn’t a good adviser. Nor here nor hitchhiking the galaxy, as we know. 
1 Like
Oh, I agree, but seeking council from your peers, who then go out of their way to vet the source, do the research and verify the integrity of the files, and then still sticking on the side of fear is irrational, IMO.
It’s also a little rude, TBH. If you aren’t going to listen to the people who will take time out of their day to answer your question, then what’s the point in asking?
2 Likes