The cookie scraper can't be the whole story. By itself cookies won't dox you unless some exploit is used. I suspect that it could have been done through registrar information as ICANN requires registrants to provide contact information that includes legal name, address and such.
Imagine for a moment, you're someone who doesn't practice OpSec, a child, a grandparent, or a boomer. You're logged into every website that requires an account, Amazon, Youtube, Gmail, etc.
You, like other internet casuals usually save this login information, and allow it to be stored on your browser's cookies. Then you visit a website that scrapes those cookies, and what you have is a sandbox to work with to begin reverse profiling. Let's say you're really casual, and your Gmail account links to your Youtube, which links to your Twitter, which links to your Discord. That's easy, and done within 10 minutes without the need of leak registries. If you decide to go further, you can use leak registries to or "Username taken" sites to specifically look up where the accounts are utilized and scope them out. 0Trocks was an example of one such database, utilized for malicious reasons.
Bear in mind, it sounds like a lot of faggot skid work, and it is; but that is, on the programming side, you are dealing with. Faggot skids who utilize this system to specifically find children online to fuck and harass, make money off of, get internet sinister points (cred), and act out against people who are investigating it. They play it off as "I'm l33t hax04, fear me, when they show up in Discord DM's to a target" but the reality is that they spent around 10-15 minutes reverse profiling because of internet casuals from information maliciously/deceptively acquired. It's actually even easier than just using a "total sinstar l33t" scraper, as in just owning a website that you have root access logs to, you literally can just see the IP's and times IP's did certain things, once you've identified the IP, it's just working a reverse profile from that point utilizing whatever faggot tools you have for your faggot skid faggotries.
Hence the warning: Do not visit the website without a VPN or Clean Device, because your data, unironically, is being utilized by malicious actors.
When Mela was still in the game, this was much more prominent, but now in the current days of Elaine, Krapsk, and other massive faggots, it's not really utilized or improved upon because of Zoomer Attention Span sitting on a toolbox they don't use unless they want a specific target.
I said sinister because it's the faggy schizo O9A larper version of based, but I was specifically referring to the comment about "Do NOT visit Skibidi Farms". Saying that is going to do nothing but make people want to go there and my point was it would be more productive to give op-sec tips instead of jerking off the Skibidi's ego
They're skids man, if it's not prepackaged for them they're not fucking with it. I highly doubt their site has anything wrong with it that a VPN, private window and user agent masker can't fix. The URL getting hijacked + the hijacker getting doxed was a work, so I'm left without an example of them actually compromising a visitor
The OPsec bit is common sense, "Don't be a casual" however, also, do not go to the website; it's nothing to do with jerking off their ego, and everything to do with "They have malicious intent with your data." Never go to a website that specifically uses your data in a malicious manner.