The misconfiguration where IIS is not configured to return a hostname and with a blank or no Host header HTTP/1.0 Request it responds with a Internal IP Address
IIS Servers
curl -v -I --http1.0 http[s]://[ip address]/aspnet_client -k -H 'Host:'
Test Fail: Machine Misconfiguration : Location header points to an internal IP
Test Pass: Machine not Misconfigured : Location redirect has a hostname or blank