Port 4444 is a common default port for Metasploit and other pentesting tools.
Defenders should pay close attention to traffic on this port and “4444” being present in a command line. The use of port 4444 is often a tell that a penetration tester is active within the environment, but many cybercriminals have also been observed using open-source tools with their default settings.