rapid7/metasploitable3

Question, possible danger ssh

Idlefase opened this issue · 0 comments

Hey there,

Yesterday I successfully built the Linux VM but found something on my host that concerns me.

When I rebooted and ran netstat, I found that a couple of w/o servers were contacted, mostly Fastly OCSP servers and domains called Warsaw.infra and graveyard.infra.

I ran rkhunter, and it detected that PermitRootLogin in the SSH config was set to undefined and that there was a hidden .java file in /etc/.

The Warsaw and graveyard domains ran over the 5000 port range.

Are these domains legit, or am I PWN'D?

And could it be that some http:// URIs in the build.sh script have been sniffed?

Would love to hear from you.

Cheers.
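An added check, not part of this issue or of the metasploitable3 project, for the PermitRootLogin finding above. rkhunter reports that option as not set whenever the directive is absent from sshd_config; in that case OpenSSH falls back to its compiled-in default, which is prohibit-password (the page does not say which OpenSSH version the reporter has; the older default was yes). The script below parses an sshd_config the way sshd does (keywords are case-insensitive, the first occurrence wins, and anything under a Match block is not global) and reports the effective value. The config strings at the bottom are constructed samples, and all function names are my own.

```python
"""Report the effective global PermitRootLogin value of an sshd_config.

Added example: mirrors sshd's parsing rules well enough to answer
"is root login over SSH actually allowed on this host?" offline.
"""
import re
from typing import Optional, Tuple

# Compiled-in default used when the keyword is absent (OpenSSH 7.0 and later).
DEFAULT_PERMIT_ROOT_LOGIN = "prohibit-password"

# sshd accepts "Keyword value", "Keyword=value" and "Keyword = value".
_LINE_RE = re.compile(r"^\s*([A-Za-z0-9]+)\s*(?:=|\s)\s*(.*?)\s*$")


def permit_root_login(config_text: str) -> Optional[str]:
    """Return the explicitly configured global value (lower-cased), or None.

    Rules taken from sshd_config(5): comments start with '#', keywords are
    case-insensitive, the first occurrence of a keyword wins, and every line
    after the first 'Match' keyword applies only to matching connections.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]          # strip trailing comments
        m = _LINE_RE.match(line)
        if not m:
            continue                          # blank line or bare keyword
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword == "match":
            break                             # rest of file is conditional
        if keyword == "permitrootlogin":
            return value.strip().strip('"').lower()
    return None


def effective_permit_root_login(config_text: str) -> Tuple[str, bool]:
    """Return (effective value, whether it was set explicitly)."""
    value = permit_root_login(config_text)
    if value is None:
        return DEFAULT_PERMIT_ROOT_LOGIN, False
    if value == "without-password":           # deprecated alias
        value = "prohibit-password"
    return value, True


def assess(config_text: str) -> Tuple[str, str]:
    """Return (level, message) for the effective setting."""
    value, explicit = effective_permit_root_login(config_text)
    origin = "set explicitly" if explicit else "not set; OpenSSH default assumed"
    if value == "yes":
        return "WARNING", f"root may log in over SSH with a password ({origin})"
    if value in ("prohibit-password", "forced-commands-only"):
        return "INFO", f"PermitRootLogin is {value} ({origin}); set it to 'no' unless root key login is needed"
    if value == "no":
        return "OK", f"PermitRootLogin is no ({origin})"
    return "WARNING", f"unrecognised PermitRootLogin value {value!r} ({origin})"


# Constructed sample configs (not from any real host).
SAMPLE_UNSET = "# Default sshd_config\nPort 22\nPasswordAuthentication yes\n"
SAMPLE_YES = "PermitRootLogin yes\nPermitRootLogin no   # ignored: first wins\n"
SAMPLE_MATCH_ONLY = "Port 22\nMatch Address 10.0.0.0/8\n    PermitRootLogin yes\n"
SAMPLE_LEGACY = "permitrootlogin = Without-Password # legacy alias\n"

if __name__ == "__main__":
    for name, cfg in [("unset", SAMPLE_UNSET), ("yes", SAMPLE_YES),
                      ("match-only", SAMPLE_MATCH_ONLY), ("legacy", SAMPLE_LEGACY)]:
        level, msg = assess(cfg)
        print(f"{name:10s} {level:8s} {msg}")
```

To compare against what the running daemon actually uses, `sshd -T` prints the fully resolved configuration with defaults applied, so `sshd -T | grep -i permitrootlogin` is the authoritative check on the host itself; the script is for reviewing a config file offline.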