From Our Correspondent
Hyderabad: Telangana Cybercrime officers have arrested Immadi (Emmadi) Ravi, the alleged mastermind behind the infamous piracy portals iBomma and its successor Bappam. His arrest caps a complex manhunt that zig-zagged across continents and digital shadows, following years of industry losses and repeated complaints from Tollywood.
The Man Behind the Mask
Investigators describe Ravi as highly educated and exceptionally skilled in technology. Originally from Visakhapatnam, he built deep expertise in servers, encryption and hacking. According to police briefings and industry complaints, he had the ability to penetrate even highly fortified servers. Telugu reports say he could “hack any server, anywhere in the world.”
This technical edge allowed him to infiltrate Cloudflare-protected storage, OTT platforms, and pre-release vaults, pulling out HD versions of films and web series before or immediately after theatrical release. These files were then uploaded onto servers based in Caribbean islands, routed through offshore jurisdictions, and distributed through iBomma and later Bappam.
His catalogue covered:
-
Telugu films and web series
-
Dubbed versions of Kannada, Tamil, Hindi, Malayalam and other language titles
-
Newly released originals from OTT platforms
Despite the vast scale, Ravi maintained strict anonymity. He used layered VPNs, offshore citizenship, and shifting IP trails to stay invisible. A letter circulated on social media last year claimed he had taunted Telangana Police: “I have data of crores of users. Stop focusing on this website.” Police never confirmed authorship, but investigators say the arrogance matched the profile they had built.
How the Piracy Engine Worked
Based on police statements, digital forensics, and reporting from multiple outlets:
-
Acquiring Content:
Ravi used DCP leaks, hacked OTT storage, and insider contacts in theatres and post-production studios. This ensured high-quality HD prints — the signature of iBomma. -
Global Server Network:
Files were hosted on Caribbean island servers, fronted by Cloudflare and other content-delivery networks. When authorities blocked a domain, mirrors appeared within hours. -
Distribution Channels:
Telegram groups, private forums, and link-aggregators guided millions of users to fresh mirrors. The clean interface and malware-free promise kept the user base exploding. -
Monetization:
Earnings reportedly came from ad networks, affiliate deals, crypto payments, and suspected betting-platform tie-ups. Initial estimates placed direct earnings at over ₹12 crore, though audits are ongoing. Numbers reported across websites vary widely. Some portals publish sensational totals (for example, claims of 21,000 films or multi-lakh crore losses). Those figures are often industry estimates or aggregator counts and should be interpreted as indicative rather than forensic accounting.
The Investigative Trigger
In August 2025, multiple Telugu films fell prey to pre-release and first-day leaks. The Anti-Video Piracy Cell of the Telugu Film Chamber of Commerce filed a complaint with Hyderabad Cybercrime Police on 30 August.
Their investigation highlighted:
-
65 active mirror sites linked to iBomma
-
3.7 million monthly viewers on these domains
-
Rapid domain switching and server relocation patterns
On 29 September, police arrested five members of a local piracy ring supplying ripped prints to larger networks. These arrests began to clarify the pipeline — and intensified the search for the real mastermind.
The Vanishing Act
Up to 30 September, Ravi stayed quietly at his Kukatpally residence. But on 1 October, he disappeared. Digital surveillance suggested he had slipped out of the country. IP trails pointed to a familiar pattern: France, Netherlands, Caribbean Islands, shifting every few hours. He used this global rotation to mislead investigators and maintain the belief that he was untouchable. On 3 October, police flagged activity traced to Amsterdam, confirming he was in the Netherlands. He continued hopping between European and island jurisdictions, masking his presence with VPN chains and proxy routes.
The Fatal Mistake
Confident that the police could not corner him, Ravi made a miscalculation. He returned to Hyderabad — reportedly flying into the city from Amsterdam — assuming his “invisibility arc” would still hold. It didn’t. Telangana Cybercrime teams had been tracking his digital patterns, cross-checking login timestamps, IP anomalies, and traces left during the earlier arrests. When he landed in the city and moved towards Kukatpally, surveillance teams were already shadowing him. The moment he accessed backend resources connected to the piracy network, officers moved in. Ravi was arrested quietly, without incident.
Seizures and Charges
Police seized multiple mobile phones, hard drives, server login credentials, access keys for offshore hosting, and data linked to crypto transactions and advertising networks. He now faces charges under the Information Technology Act and the Cinematograph Act, with additional inquiries underway into possible money-laundering and unlawful gains. Following his arrest, he was remanded to judicial custody.
Tollywood producers and distributors hailed the arrest as a major breakthrough, but cybercrime specialists caution that even with the mastermind behind bars, the architecture he created—offshore hosting networks, mirrored domains and anonymous ad pipelines—remains attractive to potential successors. Key questions still hang over the investigation: how many collaborators were involved, how much money flowed through crypto channels, and how many offshore servers are still active. For now, officers insist the core of the iBomma–Bappam network has been dismantled, but the wider digital battlefield remains far from quiet.