A random example of such a website with the static.addtoany.com script follows here, e.g.:
wXw.mycoronadiet.com
Also one engine alerts on this as a PHISHing site: https://www.virustotal.com/gui/url/0cdde3aa391f831d294c28e62fe23d2ce0cffc54302d5fefa5076531f873f44c/detection
When we scan the http:// version of that site against DOM-XSS sinks and sources,
we get for the main site: Number of sources found: 14
Number of sinks found: 122
But we also stumble upon -https://www.kurapica.net/ & -https://yourcreditjeweler.net/ & -https://interine.net
The last two cannot be reached! (What is going on there at ASTRALUS in the Netherlands/Leaseweb related?).
Furthermore we get: Results from scanning URL: -https://www.mycoronadiet.com/wp-includes/js/imagesloaded.min.js?ver=3.2.0
Number of sources found: 0
Number of sinks found: 3
Results from scanning URL: -https://www.mycoronadiet.com/wp-includes/js/masonry.min.js?ver=3.3.2
Number of sources found: 0
Number of sinks found: 2
Results from scanning URL: -https://www.mycoronadiet.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.7
Number of sources found: 4
Number of sinks found: 8
Results from scanning URL: -https://www.mycoronadiet.com/wp-content/themes/twentyseventeen/assets/js/navigation.js?ver=20161203
Number of sources found: 17
Number of sinks found: 2
etc. etc.
Linked sites:
Google Safe Browse checks have been performed on each of the linked sites. Links with poor reputation could be a threat to users of the site. Hosting and location are also included in the results.
Externally Linked Host | Hosting Provider | Country
-www.facebook.com | Facebook. | Ireland
-www.instagram.com | Facebook. | Ireland
-www.youtube.com | Google LLC | United-States
-www.pinterest.com | Akamai Technologies. | United-States
Privacy impact score: B - https://webcookies.org/cookies/mycoronadiet.com/30471321?905386
Third party persistent httpOnly cookie:
uvc
Generic AddThis tracking cookie
Type: HTTP Cookie
Domain: -addtoany.com
This cookie expires in 1 days
Secure: The cookie sets the Secure flag but is itself set on a non-TLS (plaintext HTTP) website. New browsers will ignore such cookies under the Strict Secure cookie policy
httpOnly: This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Site Scripting attack. It’s recommended that cookies storing authentication-related session token are protected by the flag
As we stated above, this is a link to -https://webcookies.org/cookies/static.addtoany.com/2353367
which is blacklisted and with Type: Suspicious Pattern: generic_javascript_obfuscation4
JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)
Type: Suspicious Pattern: generic_javascript_obfuscation5
JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)
static.addtoany dot com/2353367 comes listed at Ultimate.Hosts.Blacklist (Q.E.D.)
Q.E.D., in this case we arrived back at the starting point of the discussion in this topic on -addtoany tracking.
polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)