The LinkedInBot

The LinkedInBot is a scraper used by the social network linkedin to gather information about URLs that are shared in posts or messages. It is used for example to display the preview of a link in a post.

As of April 2024, the Linkedin bot has the following user-agent: LinkedInBot/1.0 (compatible; Mozilla/5.0; Apache-HttpClient +http://www.linkedin.com)

It operates from IP addresses that belong to the LinkedIn Corporation autonomous system (AS). For example, IP = 108.174.5.113.

How can I verify if LinkedInBot is really coming from Linkedin?

As usual, relying solely on the user-agent to authenticate a good bot is really risky as this field can be modified by any attack. Instead you can either verify that:
  • Either the user-agent is linked to the LinkedInBot and the autonomous system is LinkedIn Corporation ;
  • Or you can run a reverse DNS (more details below) to verify the ownership of the IP address.

How can I use reverse dns to verify if an IP belongs to Linkedin?

You can run a reverse dns using the host command.

For example, to test the IP 108.174.5.11:

host 108.174.5.11

It returns the following output:113.5.174.108.in-addr.arpa domain name pointer 108-174-5-113.fwd.linkedin.com.

As you see in the previous example, we see the substring linkedin.com which indicates that this IP belongs to linkedin. This can safely be used to authenticate the LinkedinBot.