If Data Smuggler is showing the destination IP (target) of the detection as an internal IP address it is possible that the given IP address is that of a proxy server. For the purposes of the Data Smuggler, detection proxy servers are considered "external" as they are gateways to devices external to the network.
This may occur during normal operation when the algorithm is able to identify smuggler-like behaviors but is unable to determine the final destination of the traffic.
If the detection contains a packet capture (see the related article How are PCAPs created?) this packet capture may give the Analyst further information to assist in their investigation.
Further information should also be available in the proxy logs, showing the client connection and the final destination, the data transferred, and other associated information.