Onion site at IP?

If I suspect a public IP may be hosting an onion site, is there a way to verify this? Shodan doesn’t have any info on the IP, torproject says it’s not a node/bridge.

Compare the http headers.

Run an nmap scan on common alternative http ports to see if the onion is public.

Done - no differences in target and known “good” IPs. All tests were same ISP as target.

Known ‘Good’ #1

Not shown: 997 filtered ports
PORT    STATE SERVICE VERSION
21/tcp  open  ftp?
80/tcp  open  http?
443/tcp open  https?

Known ‘Good’ #2

Not shown: 997 filtered ports
PORT    STATE SERVICE    VERSION
21/tcp  open  tcpwrapped
80/tcp  open  tcpwrapped
443/tcp open  tcpwrapped

Target

Not shown: 997 filtered ports
PORT    STATE SERVICE    VERSION
21/tcp  open  tcpwrapped
80/tcp  open  tcpwrapped
443/tcp open  tcpwrapped

Edit: Additional scan data added and formatting

Visit the site on the public IP to see if it is the same (pass the Onion host header also)

just tested by standing up a hidden server and scanning the public IP with same results as known “good” #1. Bleh.