The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 35.206.125.238 on port 587 TCP:
From: duke@rexpo.com
To: duke@rexpo.com
$ telnet 35.206.125.238 587
Trying 35.206.125.238…
Connected to 35.206.125.238.
Escape character is ‘^]’
$ nslookup 35.206.125.238
238.125.206.35.bc.googleusercontent.com
$ dig +short c67976.sgvps.net
35.206.125.238
Referencing malware samples:
MD5 21a5450a6d10d7826dc34b3b09901596
MD5 4c3470830f35f075711ec37607b7a7e4
MD5 56ffe47abc7e3cf025fc80d75cfd4747
MD5 a5d6d8493b5e1e9bb8e6f032805e2850