On level 4, it is assumed that the attacker owns a domain name. Given solutions use 2 unicode characters for the domain name, totalling 6 bytes. The actual shortest domain name in use is 'uz' (<a href="http://uz/" rel="nofollow">http://uz/</a>) which is a registrar for .uz, Uzbekistan's ccTLD, making the answer shorter by 4 bytes.