They are are using a 53-bit hash cyrb53 [1] of the string "IP address + website domain + user agent + language + validity days". It looks feasible that many of the generated IDs could be retroactively brute-force mapped back to an IPv4 address with high confidence (small chance of error due to hash collisions).
[1] https://stackoverflow.com/questions/7616461/generate-a-hash-...