Internet-Security.com TCP port 222 details

TCP/222 is registered by IANA for rsh-spx (Berkeley rsh over IPX/SPX), historically seen in Novell NetWare environments.
In modern practice, SSH servers (e.g., OpenSSH, Dropbear) are often reconfigured to listen on TCP/222 as an alternative to the default port 22 to reduce noise or avoid conflicts.
Because SSH is frequently run on 222, attackers and botnets commonly scan and attempt brute-force logins on this port, a pattern widely observed by honeypots.
Beyond these, no widely standardized or common default services are known to use TCP/222 today.

TCP 222