We know that for one browser session one requester will be created.
-->What you can do is hit your environment URL in browser (Not mashup one) it will prompt to login screen there don't login.[here one requester will be created that you can see in requester management].
-->In the same tab you remove the environment URL and give your file path (mashup file) don't hit unless you open remote tracer.
-->Open your environment in some other browser and go to requester management and select the correct requester and do the remote trace.
The activities being called should be determined by what Servlet you're using the the URL.
This should tie back too an entry in the WEB-INF/web.xml which will be associated with a Authentication Service rule. In the service rule this will define an activity which is called during the login.
So theoretically, for the purposes of debugging (remembering not to leave it in once you've finished debugging) you could add a Wait step to the start of the activity and see if this gives you sufficient time to identify the requestor in a remote trace.