If anyone is using boom or thinking about it best to take measures to protrct yourself or hold off signing up until fixed.
I'd be interested to see how long it was actually like this. Anyone with time want to dig into the Internet Archive and see?
I took the time to look but there is only one snapshot for 2020 in the internet archive and it shows "forbidden". I went back to the last one available and there is no "document.write" anywhere.
Boom.us IP address 107.181.162.35 resolves to hostname: cloud-web6.pinnaclecart.com
This suggests PinnacleCart is the hosted eCommerce platform used by Boom.us.
Upon visiting https://cloud-web6.pinnaclecart.com there is a cPanel logo at bottom of page.
This suggests PinnacleCart may use cPanel for deployment.
Related?:
PinnacleCart Server-Side Skimmers and Backdoors
ETA:
myaccount.boom.us IP address 24.116.36.200 resolves to hostname: 24-116-36-200.cpe.sparklight.net
This suggests the ISP of myaccount.boom.us server is: sparklight.net (sparklight.com)
ZIP code of Boom.us according to domain WHOIS: 74003 (Bartlesville, Oklahoma)
This ZIP code is in the coverage area of Sparklight.
My guess is myaccount.boom.us server is managed in-house.