The LinkedInBot

The LinkedInBot is a scraper used by the social network linkedin to gather information about URLs that are shared in posts or messages. It is used for example to display the preview of a link in a post.

As of April 2024, the Linkedin bot has the following user-agent: LinkedInBot/1.0 (compatible; Mozilla/5.0; Apache-HttpClient +http://www.linkedin.com)

It operates from IP addresses that belong to the LinkedIn Corporation autonomous system (AS). For example, IP = 108.174.5.113.

How can I verify if LinkedInBot is really coming from Linkedin?

As usual, relying solely on the user-agent to authenticate a good bot is really risky as this field can be modified by any attack. Instead you can either verify that:

• Either the user-agent is linked to the LinkedInBot and the autonomous system is LinkedIn Corporation ;
• Or you can run a reverse DNS (more details below) to verify the ownership of the IP address.

How can I use reverse dns to verify if an IP belongs to Linkedin?

You can run a reverse dns using the host command.

For example, to test the IP 108.174.5.11:

host 108.174.5.11

It returns the following output:113.5.174.108.in-addr.arpa domain name pointer 108-174-5-113.fwd.linkedin.com.

As you see in the previous example, we see the substring linkedin.com which indicates that this IP belongs to linkedin. This can safely be used to authenticate the LinkedinBot.

Other recommended articles