Immadi Ravi Arrest: iBomma Piracy Tactics Exposed | Telugu Film Losses
- Hacking and Content Acquisition: Ravi was adept at breaching secure servers worldwide, including those of Cloudflare and OTT platforms (e.g., Netflix, Amazon Prime). He used Digital Rights Management (DRM) hacking to rip high-definition (HD) content from protected streams, often uploading leaks within hours of theatrical or OTT releases.
- Server and Hosting Setup: He purchased physical servers in Amsterdam (Netherlands) and Switzerland for secure, offshore hosting. Domains (over 110 related to iBomma and Bappam) were registered via Porkbun, a U.S.-based registrar, under fake identities.
- Evasion Techniques: Ravi employed Virtual Private Networks (VPNs) to mask his IP addresses, frequently rotating locations (e.g., France, Dubai, Thailand, USA) and using decoy networks. To dodge Indian jurisdiction, he renounced his Indian citizenship in 2023 and acquired citizenship in Saint Kitts and Nevis (a Caribbean dual-island nation known for citizenship-by-investment programs), allowing him to operate as a “ghost” from abroad. He held multiple fake IDs, including driver’s licenses and PAN cards under aliases from Maharashtra.
- Data Harvesting and Malware: Pirated files were embedded with malware to steal user data (e.g., IP addresses, emails, phone numbers). He distributed malicious Android Package Kit (APK) files disguised as streaming apps, harvesting details from 50 lakh (5 million) users. This data was sold on the dark web, generating additional illicit revenue.
- Storage and Re-uploading: Even after site takedowns, Ravi maintained archives of 21,000+ films on local hard disks for quick re-uploads. Content was also shared via Telegram channels.

| Aspect | Details |
|---|---|
| Education | BSc (Computers), Hyderabad; MBA, Mumbai |
| Professional Experience | Founded ER Infotech (2010); Built 900+ websites |
| Key Skills | DRM hacking, server breaches, VPN/IP masking, malware embedding, domain management |
| Tools/Tech Used | Offshore servers (EU/US), Porkbun registrar, APK malware, Cloudflare hacks |

- Content Distribution: Focused on Telugu but included South Indian and dubbed regional films. Users accessed via web streams or APK downloads. Monthly traffic hit 37 lakh views, luring users with “free HD” promises.
- Monetization: Primary piracy was a loss-leader; real profits (₹20 crore total, per police estimates; some sources suggest 10x higher) came from:
  - Redirecting users to illegal betting/gaming apps.
  - Ad revenue from gambling sites.
  - Selling stolen user data on the dark web.
  - DDoS attacks and promotions for cybercrime networks.

  He funneled earnings through 35 bank accounts, funding a luxurious life abroad (e.g., Caribbean properties) and international travel for betting collaborations.
- Network Scale: Operated remotely from the Caribbean, France, and Dubai using fake identities. A small team in India handled uploads, but Ravi was the central administrator. In September 2025, police booked 65 mirrors, including iBomma and Bappam, after earlier arrests of five hackers linked to the gang.
- Impact and Shutdown: Caused ₹3,000+ crore in industry losses. Sites were fully shut down post-arrest using Ravi’s logins. Investigations continue into associates in India and abroad, including crypto trails and betting ties.
Ravi’s story highlights the intersection of tech savvy and cybercrime, turning legitimate web skills into a global piracy empire. While some view him as a “Robin Hood” for providing free access to underprivileged viewers, authorities emphasize the broader harms: data theft, financial fraud, and industry devastation. Ongoing probes may uncover more links to networks like Tamil Blasters or Movierulz.
- Global Coordination and Overseas Technical Team: Ravi didn’t operate solo; he directed a distributed network involving an overseas technical team based in countries like the Netherlands, Switzerland, the US, Dubai, and Myanmar. This team handled real-time uploads and server maintenance, allowing leaks to occur within hours of a film’s theatrical or OTT release. For instance, camcorder operators in India (like arrested operative Jana Kiran Kumar) filmed movies in theaters, while the overseas crew digitized and distributed HD rips via encrypted channels.
- Dynamic Mirror Site Strategy: Ravi managed over 65 mirror websites (some estimates previously reported 110 domains), including iBomma, Bappam TV, and variants like IRadha. The tactic: whenever authorities blocked one domain (via MeitY orders), a new mirror launched within hours, using automated redirects and SEO-optimized funnels to maintain 37 lakh monthly users. This “whack-a-mole” approach ensured near-continuous availability.
- Advanced Acquisition Methods: Beyond DRM hacking of OTT platforms (e.g., Netflix, Prime Video) and Cloudflare breaches, new details reveal hacking of satellite feeds for TV broadcasts and digital drives from production houses. This enabled same-day leaks of films like HIT: The Third Case, Single, Kuberaa, OG, Game Changer, and Kantara. Police recovered evidence of tools used to intercept unencrypted satellite signals, a tactic borrowed from broadcast piracy rings.
- Embedded Data Theft and Dark Web Sales: The APK files (disguised as free streaming apps) weren’t just for access—they contained sophisticated malware that infiltrated users’ devices to harvest personal data (e.g., IPs, emails, phone numbers, banking details). This affected ~50 lakh users, with the stolen info archived on hard disks and sold on the dark web for cyber fraud and identity theft. Sajjanar warned this poses a “major cybersecurity threat,” linking it to broader scams.
- Interleaved Monetization Tactics: Piracy was the hook; profits (~₹20-200 crore estimated, with ₹3 crore seized) came from embedding gambling/betting ads mid-stream (e.g., pop-ups during playback) and redirecting users to illegal gaming sites. New findings show Ravi used “new technology” for seamless ad integration, boosting click-through rates, and funneled earnings via crypto and 35+ international accounts tied to his Caribbean citizenship.
- Resilience Through Archives and Telegram: Even post-takedown, Ravi’s 200+ hard disks held a vault of 21,000 pirated films (from classics like The Godfather to 2025 releases like Mirai). These served as a backup for quick re-uploads via Telegram channels, which he used for direct peer-to-peer sharing to evade site blocks.
These tactics underscore Ravi’s evolution from a web developer (via ER Infotech) to a “pirate kingpin,” blending legitimate skills with cybercrime. Investigations continue, with CBI/ED probing international links, potentially uncovering ties to groups like Tamil Blasters.
