You don’t. There is no such relation in the Internet.
What you can find is which IPs belong to a certain company. But there is no standard query for this lookup, only the reverse (which company owns this IP).
Now lets make a little experiemnt and look into searchopensource.techtarget.com specifically
% host searchopensource.techtarget.com
searchopensource.techtarget.com is an alias for sites.techtarget.com.
sites.techtarget.com has address 220.127.116.11
% whois 18.104.22.168
UUNET Technologies, Inc. UUNET65 (NET-65-192-0-0-1)
22.214.171.124 – 126.96.36.199
TechTarget.com UU-65-214-43 (NET-65-214-43-0-1)
188.8.131.52 – 184.108.40.206
this tells us that this site is in a 220.127.116.11/24 network owned by TechTarget.com, and that their ISP is UUNET Technologies.. Now we continue quering the same registry (ARIN == American Registry for Internet Numbers) to see what TechTarget.com has in that area
% whois TechTarget.email@example.com
Address: 117 Kendrick Street Ste 800
NetRange: 18.104.22.168 – 22.214.171.124
So it seems this is the only address space they have registered in America. But they may well have addresses in other areas of the world, and not all registrys is as easy to query.
You also need to remember that this gives you just IP addresses, not sites. There may be other “innocent” sites in the same IP range. Mort certainly so if you find IP addresses not owned by the same company as the domain as they then are quire likely hosted in a web hotel, maybe even with a virtual domain hosting sharing the same IP with many other domains.