Product scraping
Paste a URL.
Get a product.
One click captures the logo, the tagline, the OG image, the theme color, social links and JSON-LD. Built in-house. SSRF-guarded.
Product URL
Captured
Hloframe
hloframe.com
SaaS · Design
Most marketing tools ask you to fill in twelve fields. Ours asks for one.
What we extract
More than just the favicon.
Logo
JSON-LD organization, then apple-touch-icon, then any logo-classed image.
Favicon
High-res icon, falls back to /favicon.ico if nothing else exists.
OG image
og:image then twitter:image then twitter:image:src.
Theme color
meta name=theme-color, validated as hex.
Security
The scraper that refuses to fetch your AWS metadata.
SSRF guard
DNS resolved. IP checked. Redirect chain re-checked.
Before any fetch, we resolve the hostname and reject every private, loopback, link-local, RFC1918, IPv4-mapped or cloud metadata range. Re-checked at every redirect hop.
You can never paste an internal URL and exfiltrate cloud creds via the response body. Tested against 169.254.169.254 and friends.
Blocked ranges
0.0.0.0/8 loopback / current 10.0.0.0/8 RFC1918 private 127.0.0.0/8 loopback 169.254.0.0/16 link-local + cloud metadata 172.16.0.0/12 RFC1918 private 192.168.0.0/16 RFC1918 private ::1 IPv6 loopback fc00::/7 IPv6 unique-local ::ffff:* IPv4-mapped (re-checked as v4) file:// data:// non-HTTP schemes
Tech specs
- Engine
- Custom: native fetch + cheerio HTML parser
- Timeout
- Configurable, default 15 seconds
- Redirect handling
- Manual, max 5 hops, SSRF re-check on every hop
- User-Agent
- RookGTMBot/1.0 (configurable per workspace)
- Outputs
- name, tagline, description, logoUrl, faviconUrl, ogImageUrl, primaryColor, social links, JSON-LD
- Run direction
- Server-side only. No client-side fetches from user URL.