Whenever a contact takes an action that ActiveDEMAND can associate with an IP address, the IP address is listed in the table in contact's activity. This can be an email open, link click, page visit, etc.
If you see an IP address that you do not recognize, this is likely a bot click. Security software installed on email servers can and will click links. This is not a security issue, it is something that is put in place by companies to ensure the links are real. Most security software tries to impersonate a real user, thus it is very difficult to detect a click that is from an actual person vs a click from the firewall.