“Normally, typing something into a username box should never be making any external network connections, so the fact that it does proves that Log4j is being used here and therefore that the server may be vulnerable to the remote code execution attack,” Ars reader skizzerz explained in the comments below.