This IP is not associated in any way with Greenbone. Furthermore the scanner is not contacting any IP’s other than the ones set as targets to scan.
To give you some details about active (trying actively to show the presence of the vulnerability on the target) Log4J checks:
The scanner is trying to get a connection back from the application by sending crafted requests (e.g. via HTTP) to the target including known payloads.
If the application is affected it will try to connect back to the scanner to a certain TCP port (currently in the range of 10000-32000) which the scanner will be looking for and report accordingly.
There might be that other IP’s than the scanned one which will reply on a Log4J scan depending on the affected application and it’s configuration (e.g. the request/payload gets passed to other systems where the actual processing will be done and finally doing a connection back to the scanner) which might even be outside of your scanned network range.
Hope this gives you some clarification and maybe further pointers to investigate…