If you perform a client credentials grant against your tenant and you incorrectly input the client identifier this will still generate a tenant log for that failed attempt. In other words, I can replicate a similar log event in my own tenant with that client identifier as well.
If the IP address associated with that tenant log is not one that you would consider associated to your system a possible explanation would be some incorrect configuration by another person that lead to using your tenant name instead of their. However, this would be an edge case so I would also check if you have any extensions installed in your tenant that may be trying to perform such exchange. When certain extensions are installed they may create a client application for this exact purpose; if this application is then deleted I believe you could create the conditions for this scenario.