HACKvent 2016: Day 1

Challenge

Santa receives an email with links to three pictures, but every picture is the same.
He talks with some of his elves and one says, that there is some weird stuff happening when loading these pictures.
Can you identify it?

Link 1: http://ow.ly/unCT306N19f

Link 2: http://ow.ly/xW3h306N18f

Link 3: http://ow.ly/3wfc306N10K

Solution

We confirm that each link does indeed lead to the same destination URL. I can notice a redirection (301 permanent) occurring with each link thanks to a nifty HTTP logging plugin I have for Chrome called Live HTTP Headers. You could also use various online services to check the redirection(s) occurring for each of the 3 links. For example, you could use: redirectcheck.com

We see the following sequences of redirection for each link:

Link 1

http://ow.ly/unCT306N19f

http://bit.do/HV16-t8Kd

https://upload.wikimedia.org/wikipedia/commons/thumb/7/7c/Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg/220px-Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg

Link 2

http://ow.ly/xW3h306N18f

http://bit.do/38aY-QxL5

https://upload.wikimedia.org/wikipedia/commons/thumb/7/7c/Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg/220px-Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg

Link 3

http://ow.ly/3wfc306N10K

http://bit.do/bn4K-c6Lw

https://upload.wikimedia.org/wikipedia/commons/thumb/7/7c/Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg/220px-Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg

We notice the string HV16 in the bit.do link for Link 1 and that there is 4 characters, then a hyphen, and then another 4 characters in the short URL for each link. This gives me the idea that the text after each bit.do link can be combined to create the nugget. We join these strings together, adding a hyphen in between each of the 3 strings, to obtain our flag!

Flag:

HV16-t8Kd-38aY-QxL5-bn4K-c6Lw