Internet-Security.com TCP port 8009 details

TCP port 8009 is primarily used by the Apache JServ Protocol (AJP).
Apache Tomcat exposes its AJP connector on 8009 by default to receive requests from a front-end web server.
Apache HTTP Server commonly forwards traffic to Tomcat over 8009 using mod_jk or mod_proxy_ajp.
Microsoft IIS can connect to Tomcat via the ISAPI Redirector (jk_isapi), which uses AJP on port 8009.
JBoss/WildFly application servers provide an AJP listener that typically defaults to 8009 for integration with Apache HTTP Server.
Older Jetty deployments supported an AJP connector that often listened on 8009.
Port 8009 has been abused in attacks, notably the Tomcat AJP “Ghostcat” vulnerability (CVE-2020-1938), enabling file read/include and sometimes remote code execution when the AJP connector was exposed.
As a result, many deployments disable AJP or restrict 8009 to localhost or trusted proxies.

TCP 8009