If you're an ISP, then you should know this - take note of the last line.
Notice that the bottom IP Address is 141.76.1.121. This resolves to proxy1.anon-online.org which is the proxy
server used by JAP to tunnel the connection.
The ISP or company proxy logs in this case are useless, as all data to and from the server and client is
encrypted. The logs of HTTP-based e-mail server are also useless as the IP address of the JAP server will only
show in the logs. The line below shows the corresponding entry in the web server log:
141.76.1.122 - - [12/May/2004:21:09:00 +0530] "GET /webmail HTTP/1.0" 302
277 "-" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1) Opera 7.50 [en]"
Figure 12: Web Server Log Entry Related to the E-mail Sent Via JAP
Notice that the IP Address in the log is 141.76.1.122. This resolves to proxy2.anon-online.org which is
another proxy server used by JAP to tunnel the connection. The only way to trace e-mail sent this way is to
access the logs of servers running the tunnelling service. In this case, both 141.76.1.121 and 141.76.1.122
should be checked. Obtaining these logs depends on the country in which the server resides and also the type
of case in which the e-mail is involved. Paedophilia and terrorism cases get high attention and level of
cooperation. Harassment and threat e-mails usually are not responded to as quickly and sometimes not at all.
Nevertheless, an increasing number of anonymity servers maintain logs and provide them to law enforcement
on request.