I have what I believe is a clean CentOS 7 system set up and wanted to see the network traffic, so I installed NetHogs. I was surprised to see random connections come up, mostly to the Asian Pacific RIPE network. However, I am also seeing connections to here in the States and Central America.
NetHogs version 0.8.2-SNAPSHOT
PID USER PROGRAM DEV SENT RECEIVED
1421 tnsun sshd: tnsun@pts/0 enp0s3 0.568 0.064 KB/sec
? root xxx.xxx.xxx.xxx:1433-156.3.174.102:56800 0.000 0.000 KB/sec
? root xxx.xxx.xxx.xxx:3306-123.249.45.210:46686 0.000 0.000 KB/sec
? root xxx.xxx.xxx.xxx:111-66.240.236.119:11748 0.000 0.000 KB/sec
? root xxx.xxx.xxx.xxx:23-191.109.233.156:56641 0.000 0.000 KB/sec
? root unknown TCP 0.000 0.000 KB/sec
TOTAL 0.568 0.064 KB/sec
I figured I had been hacked, and since this server has not gone live yet, I decided the easiest thing to do was just create another VM.
Starting from scratch, I installed the minimal CentOS 7 and got networking up. I immediately disabled root SSH logins, ran yum update, and installed iptables, blocking nearly everything.
I then installed vim and, out of curiosity, installed NetHogs again. This required the EPEL repo, but I need it for other things, so I enabled it.
Running NetHogs shows me that even on a VM that is less than 30 min old, on a new IP address that has not been used, the system is still making connections to unknown hosts.
Could something I've installed be compromised? Everything I've installed came from the default repos except for NetHogs which came from the EPEL repo.
I figured it out.
These are just systems probing for open ports. I'm not hacked. :)