The security team at CloudSavers Inc. has noticed inbound traffic to a private EC2 instance from a public IP (198.51.100.2) in their VPC flow logs, showing an ACCEPT action for their NAT gateway. A solutions architect needs to determine if this traffic is unsolicited, given the VPC CIDR block starts with 203.0. What steps should be taken?