As far as I know, and I'm wrong regularly, the only identifying information that could be logged when Node X broadcasts an unconfirmed transaction to other nodes, connected peers, is Node X's ip address. It might be the first time the connected peers have seen the transaction but that doesn't mean it's the "first broadcast". Just the first time it has been seen by them. Node X could have got the transaction from Node Y and validated, stored in mempool, and rebroadcasted it. I guess if someone was targeting you they could collect data over time and try to make an educated guess. If Node X uses tor, it makes this possibility of tracking even more unrealistic.