tried to block the treaten emails but end to backup PC HD data files which i gave up since it failed in May

6/4/2026 (yesterday) searched:what is 185.106.139.3 , i did chang password but still received a threat email [you pervert, i recorded you], in att-yahoo view raw messages where to find the hacker used my password ?

The IP address 185.106.139.3 is a server identifier associated with networks in the Middle East region (often tied to web hosts or proxy services). It is frequently flagged in cybersecurity databases for malicious activity.You have not been hacked, and no one has recorded you.

The email you received is a very common, well-documented extortion scam.The scam works by intentionally terrifying you. Scammers obtain your old passwords from previous, unrelated website data breaches (like LinkedIn or Yahoo).

They put that password in the email to trick you into believing they have full access to your computer and camera.

They also use a technique called "spoofing" to make the email look like it was sent from your own address.

Here are the facts and how to proceed:

Ignore the threat: They have absolutely no video or webcam footage of you.

Do not pay: Never send money, cryptocurrency, or reply to the email.

Mark as spam: Use your providers tools to mark the message as junk and delete it.

Check for leaks: Visit sites like Have I Been Pwned to see which data breach your password may have come from.

How to View Raw Messages in AT&T/YahooIf you still want to look at the raw email data to verify the sender details yourself: Log into your account via the Yahoo Mail portal or the AT&T web portal.Click on the suspicious email to open it.

Look at the toolbar near the top and click the More icon (represented by three dots: ...).

Select View Raw Message from the dropdown menu. A new window will appear displaying the source code of the email. You can search the text for X-Originating-IP or Received: to find the hackers true routing information.

Do you need help checking if your password was exposed in any specific data breaches? I can guide you through securing your accounts.

--i made a copypaste *.txt and searched password which showed : A piece of advice from me: regularly change all your passwords and update your device with the latest security patches.

same as i received 1st blackmail when Google searched unknown phone call number. aftr i posted in 360Lib Google dropped off the phone number and those 5 or 6 websites, one had big TicTok sign.

the fraud email seemed use my email address sent to my email address, in view raw messages it shows [Received: from rbblgjk ([25.167.79.16]) by 05690.com with MailEnable ESMTP] , should i blocked 25.167.79.16 ?

Yes, you can block the IP address 25.167.79.16 in your email clients settings, though it likely wont stop future spoofed emails.

Scammers use "email spoofing" to forge the "From" address, making it look like the email came from you. The IP address in the raw headers is the true origin, so blocking it prevents that specific server from sending you mail, but the scammer will just use a different server next time.

Here is the quick breakdown of what is happening and how to protect yourself:

The IP Origin: The IP 25.167.79.16 traces back to the UK Ministry of Defence network. This suggests the scammer hijacked an unsecured device or server to send the message.

--would you believe UK Ministry of Defence network is incapable or it is fishing or their member (user) is scammer ?  the X-Originating-Ip: [185.106.139.3]

Sender Reputation: You can check if this IP has been flagged by others on MXToolBox IP Lookup.

Verify the Authenticity: To ensure the email did not actually leave your outbox, check the "Sent" folder in your email providers webmail (e.g., Gmail, Outlook). If it isnt there, your account was not breached; the scammer just spoofed your address.

To stop these from reaching your inbox, you should set up Spam Rules or Filters in your email settings to automatically delete emails that contain your exact email address in both the "From" and "To" fields.

Would you like me to help you set up a specific filter or rule to catch these spoofed emails? If so, please let me know which email provider you are using (e.g., Gmail, Outlook, Yahoo).
....................................
You said: yes. i uses att-yahoo

Because you are using AT&T Yahoo Mail, you can set up a custom filter on a computer to automatically catch and delete these spoofed emails. 

Since Yahoos basic filter settings do not look at hidden background headers, the best strategy is to create a filter that targets emails where your email address is listed as both the sender and the recipient.

Step 1: Open Your Filter Settings
1 Log into your AT&T Yahoo Mail account on a desktop computer web browser.
2 Click the Settings Gear Icon ⚙️ in the upper right-hand corner.
3 Click More Settings at the bottom of the menu.
4 Select Filters from the menu on the left side.
5 Click Add new filters. Yahoo +4

Step 2: Configure the Spoof Filter
Fill out the fields exactly as follows to catch emails that pretend to be from you:

Filter Name: Type something recognizable like Catch Spoofed Emails. Yahoo +1
From:
Change the dropdown rule to contains.
In the text box, type your exact email address. Fyxer +1

To / CC:
Click + Add a rule right below "From" if you need to add a second line.
Change the dropdown rule to contains.
In the text box, type your exact email address. Fyxer +1

Choose a folder to move to:
Select Trash (or Spam if you want to inspect them first). Fyxer +1

Save: Click the Save button at the bottom. Yahoo +1

Crucial Safety Check
Because this rule targets any email sent from you to you, it will also catch legitimate emails you intentionally send to yourself (like quick notes or documents you forward to your own inbox).

If you frequently email yourself notes, choose Spam or create a custom folder called Review Spoofs as the destination instead of Trash. This allows you to quickly verify the contents before they are permanently deleted. Yahoo +2

Do you also need help reporting this specific IP address to AT&T/Yahoos abuse team so they can update their global spam blockers?

===========================

attach the similar blackmail as before :

Hello!

Unfortunately, there is some bad news for you.

Some time ago, your device was infected with my private Trojan, R.A.T. (Remote Administration Tool).

If you want to find out more about it, simply use Google.

My Trojan allowed me to access your files, accounts, and your camera.

Check the sender of this email; I have sent it from your email account.

To ensure you read this email, you will receive it multiple times.

I RECORDED YOU (through your camera) MASTURBATING!

After that, I removed my malware to leave no traces.

If you still doubt my serious intentions, it only takes a couple of mouse clicks to share the video of you masturbating with your family, friends, relatives, all email contacts, on social networks, and the darknet.

All you need is $1400 USD in Bitcoin (BTC), transferred to my wallet address.

After the transaction is successful, I will proceed to delete everything.

You can purchase Bitcoin (BTC) from reputable exchanges here:

http://www.coinbase.com - Payment options: Credit/Debit Cards, Bank Transfers, PayPal (in some regions).
http://www.binance.com - Payment options: Credit/Debit Cards, Bank Transfers, P2P trading, third-party payment providers, and gift cards.
http://www.bitrefill.com - Payment options: Paysafecard, credit/debit cards, crypto, bank transfer, and other gift cards.
http://www.crypto.com - Payment options: Credit/Debit Cards, Bank Transfers, Apple Pay, Google Pay, and more.
http://www.etoro.com - Payment options: Credit/Debit Cards, Bank Transfers, PayPal.
Alternatively, simply Google for other exchanges.

Once purchased, you can send the Bitcoin (BTC) directly to my wallet address or use a wallet application such as Atomic Wallet or Exodus Wallet to manage your transactions.

My Bitcoin (BTC) wallet address is: 16FnhJgft5PxM3QNRjq9FiafkKHAAv8Ngy

Yes, thats how the wallet address looks. Copy and paste my wallet address; its case-sensitive.

A piece of advice from me: regularly change all your passwords and update your device with the latest security patches.