Yes sir, that are CSS and JS file. I think LScache plugin working in server side, so hacker can detected real ip. Two day ago, I turn off plugin and it not leak real ip. I can't confirm it's LSCache, but I can't find another reason.
I am still not sure if it has anything to do with it. But if you can reproduce it by enabling the LSCWP again and get those IPs, maybe we can take a look or just share the log here so we may have a better idea.