Mysterious hint, that. Of course I know what the flag format looks like: flags always start with `hsctf{` and end with `}`. Entering something that looks like a flag and something entirely different reveals interesting timings in the network inspector:

- `a`: 0.1s
- `h`: 0.6s
- `ha`: 0.6s
- `hs`: 1.1s
- ...

It's as if the flag is compared one char at a time, with 0.5s waiting time after a successful comparison. Knowing this, one can write a script that:

- Starts with a given prefix
- For each possible character
  - Tries the prefix with that character
  - Measures the time taken to find the likeliest character
- Appends the most likely character to the prefix
- Continues until the end of the flag has been found

There are a few more difficulties though:

- It's not obvious what the charset is. Too big and you spend too much time waiting. Too small and you might not guess the right character. I went with lowercase letters sorted by usage frequency, digits, space and underscore.
- Sometimes false positives will happen. This can be detected because, with an incorrectly guessed character, subsequent guesses will take less time. I went with adjusting the known good prefix, then rebooting the script.

Eventually it guessed enough of the flag.
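The comparison behaviour hypothesised above, modelled next to a check that does not leak through timing. This is an added example, not the challenge's code: `FLAG` is a constructed value, the function names are made up here, and `BASE`/`STEP` are assumptions taken from the timings listed above.

```python
import hashlib
import hmac
import time

FLAG = "hsctf{constructed_example}"  # constructed sample, not the real flag
BASE, STEP = 0.1, 0.5                # seconds; assumed from the observed timings


def leaky_check(guess, flag=FLAG, sleep=time.sleep):
    """Char-by-char compare that waits after every matching character."""
    sleep(BASE)
    for g, f in zip(guess, flag):
        if g != f:
            return False             # early exit: time reveals the prefix length
        sleep(STEP)
    return len(guess) == len(flag)


def hardened_check(guess, flag=FLAG, sleep=time.sleep):
    """Same throttle for every request, then a constant-time digest compare."""
    sleep(BASE + STEP)               # delay no longer depends on the guess
    a = hashlib.sha256(guess.encode()).digest()
    b = hashlib.sha256(flag.encode()).digest()
    return hmac.compare_digest(a, b)  # fixed-length inputs, no early exit


def modeled_time(check, guess):
    """Run a check with a recording fake sleep; return (result, total seconds)."""
    waits = []
    ok = check(guess, sleep=waits.append)
    return ok, round(sum(waits), 1)


def timing_table(check, guesses):
    """Map each guess to the delay an observer would see."""
    return {g: modeled_time(check, g)[1] for g in guesses}


if __name__ == "__main__":
    probes = ["a", "h", "ha", "hs", FLAG]
    for name, check in (("leaky", leaky_check), ("hardened", hardened_check)):
        print(name, timing_table(check, probes))
```

With the leaky check the delay grows by `STEP` per correct leading character, which is exactly the signal seen in the network inspector; with the hardened check every guess, right or wrong, costs the same.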