The internet protocol address is an electronic address that devices use to identify and communicate with each other on a computer network.
The Estonian defence ministry also said that Russian-language instructions on how to jam the websites had been circulated on the internet.
Estonia first suggested on May 1 that the attacks had originated in Russia, but a Kremlin spokesman dismissed the allegations that it was involved.
Dmitry Peskov said the hackers must have used a fake Kremlin IP address in attempt to implicate the Russian authorities.
Nato said its systems in Estonia had not been hacked, but it had sent its expert because attacks against one member of the organisation are considered an assault on the whole alliance, a Nato official told The Associated Press news agency.
"Because it's an Estonian problem, it's also a problem for us. We do take security very seriously," he said.
The situation is expected to be discussed at an EU-Russia summit which starts on Thursday in Samara, southeast of Moscow.
"I'm sure this issue will be one of the talking points," the Estonian defence minister said. "I felt strong support from my partners."
The Estonian Informatics Centre, an agency that oversees the government's computer networks, said the cyber-attacks were coming from all over the world, including Russia.
Aaviksoo added that more than one million computers from across the world had been used to carry out the so-called denial-of-service attacks.
The attacks started after the removal on April 27 of the Bronze Soldier, a statue which commemorates Red Army soldiers killed fighting the Nazis but which many Estonians consider a bitter reminder of five decades of Soviet occupation.