Sometimes the “www” prefix found near the start of a URL is appended by a number. So we might get www2.example.com, for example. Most people know that “www” means accessing the “world wide web,” but what does the number denote? First, it’s nothing to worry about. All it means is that the data for that particular website is being retrieved from a different server to the one normally used.

You might find yourself redirected to a “www2” server when the primary server is overloaded, being repaired or simply not working. Similarly, you might be redirected to a web address starting with “www3”, “www4” or www[n] – the exact number depends on how many servers host copies of the site. Website developers also sometimes use “www2,” “www3” etc. to identify subdomains – we’ll explain about these in the next section.

What is a domain?

Each computer connected to the internet – including those serving websites – has an IP address that acts as its identity. This is a 32-bit string of numbers if it’s an IPv4 address, and a 128-bit alphanumeric value if it’s an IPv6 address.

If your computer is running Windows, you can see the IP address of a website by opening the command prompt and typing “ping example.com”. The IP address follows the words “Reply from.”

In the above example, the server providing the comparitech.com pages has an IPv4 address of 23.106.62.174.

The problem is that humans aren’t very good at remembering – or typing – strings of numbers without error. This is where the Domain Name System (DNS) comes in. DNS allows website owners to use domain names to refer to their websites, rather than numbers. The DNS system matches domains with their relevant IP addresses.

Domain names are made up of one or more parts called labels, which are arranged in a hierarchy, from right to left. As an example, www.comparitech.com is made up of three labels:

  • The final label – com – refers to the top-level domain. Top-level domains are those that end with a two-character country code like “uk” or with a generic label like com, mil, gov, edu, org, int, and net.
  • Domains to the left of the top-level domain are subdivisions – or subdomains – of those to the right. So, for example, “comparitech” creates a node comparitech.com as a subdomain  of the “com” domain.
  • The “www” prefix specifies www.comparitech.com, which is a subdomain of comparitech.com.

By themselves, top-level domains don’t normally refer to an IP address, but the subdomains do. In our case, both comparitech.com and www.comparitech.com refer to the same IP address.

Where did “www” come from?

Now that we understand domains, it’s useful to consider how resources on the web are named. This will aid understanding how a “www2” address links to somewhere different than a “www” address. Let’s consider a Comparitech web address: https://www.comparitech.com/about-us/

This is made up of three parts which, taken together, are known as a uniform resource locator (URL):

https:      //www.comparitech.com/      about-us/

(scheme)                  (host)                       (path)

The scheme name in the above refers to how the client (your computer) browser should frame its requests to access the resource server. For the pages of a secure website, the scheme “https” is used.

HTTPS is a version of the hypertext transfer protocol (HTTP) where all traffic between the client and the server is encrypted. HTTP is an application layer protocol that is used to fetch hypertext documents, as well as images and videos.

The next part of a URL is the host name. This is the domain name of the server that stores the web page. In this case it’s “www.comparitech.com.” Traditionally, host names begin with “www” for web servers, “ftp” for an FTP server and “nntp” for a Usenet news server.

The final part is the path name. This is the particular file that you’re requesting from the web page’s server. In our example URL, the file is the “about-us” page.

A URL containing “www2” in its host name refers to an entirely different server than one containing “www”, but that belongs to the same owner. These alternative servers often store copies of the original website.

However, some organizations use “www2” servers to store web pages relating to sub-domains. For example, the international clothing retailer, H&M, uses https://www2.hm.com/en_gb/index.html as a subdomain for shoppers in the UK.

Are “www2” sites safe?

Although ”www2” is becoming less common, as better ways of balancing server load become established and developers move away from the practice, you do still see it. The important thing to know is that it’s nothing to be concerned about. Essentially, if you trust the higher level domains beyond the “www2” label, then you can trust the site.

So, for example, you could trust www2.comparitech.com as you know – or should know – that the rest of the domain – comparitech.com – is safe.

Problems arise when attackers make slight changes to the remaining part of the domain in an attempt to direct you away from the site you intended to visit. For example, they might try to direct you to a malicious site they’ve made called comporitech.com. Domain spoofing of this sort normally forms part of a phishing attack carried out via email or other messaging service.

DNS spoofing attacks are a different sort of threat and involve attackers mixing up lists of public IP addresses. The result is that domain names are no longer linked with the correct IP addresses. Attackers can thus send people who’ve entered a valid website URL to a fake domain instead. Unfortunately there’s not a great deal that individuals can do about DNS spoofing attacks apart from immediately leaving the website they’re directed to.

Load balancing algorithms: the end of “www2”?

Modern websites take advantage of load balancing algorithms to provide single internet service from multiple servers. This does away with the need for alternative “www[n]” hosts to be specified.

Load balancing equally distributes page requests across all servers that are capable of fulfilling those requests. For example, a server farm might have three servers for the English version of a particular site. As requests come in, the load balancer will evenly spread those seeking the English site across the three relevant servers.

If one of these servers goes down, the load is spread between the remaining two until the third is back up. For this reason, it isn’t necessary to specifically direct traffic to a “www2” copy of a site.