Internet-Security.com TCP port 9091 details

Transmission BitTorrent client uses TCP/9091 for its RPC and Web UI by default (common on Linux servers and NAS packages like Synology, QNAP, and TrueNAS). It has been abused when exposed to the internet, including DNS-rebinding attacks that let attackers control downloads and run configured scripts via the RPC interface.
Openfire XMPP server uses TCP/9091 for its HTTPS Admin Console (HTTP is on 9090), seen in many on-prem chat deployments. Its admin console has had critical vulnerabilities exploited in the wild when exposed (e.g., path traversal leading to remote code execution).
Prometheus Pushgateway listens on TCP/9091 by default to receive push metrics; it’s widely used in Prometheus-based monitoring stacks (including Kubernetes deployments and the official Docker image).

TCP 9091