[gruez]

>The funnier bit? This site is RSA protected

What does that even mean?

[ivanbakel]

You send them your public key in a GET request, and the payload you get back is the encrypted HTML page. Make sure to pick a big enough key size, or you might not see the whole thing...

[bungie4]

No, in this case it's RSA SecureID

https://en.wikipedia.org/wiki/RSA_SecurID

A one time, time based hash as 2FA. Despite using this 2FA, the bad code completely circumvents it.