Your company provides a popular gaming service with instances using private IP addresses, and external access is routed through a global load balancer. You suspect a potential malicious actor but are unsure of the correct client IP address. How can you identify this actor while minimizing impact on legitimate users?