That IP address (35.159.53.115) is in a subnet owned by AWS, in the eu-central-1 region. Your seed phrase must have been stolen by malware, which sent to a script on that IP address to make the transaction. (Why would someone create a remote Desktop on a VPS just to open a browser when they can do it locally?)
Each person must click the confirmation email to enter the blockchain wallet
And the unknown person also had my Gmail password
And he had confirmed the email
And in my wallet written on this date 0.04 bitcoins have been transferred to this address
Why didn't you secure your gmail account with two-factor authentication?
Google gave you plenty of options to require a second authentication to log in, so you could've verified by phone number or Google Authenticator. Why didn't you do those things beforehand?