What is the localityName in the Certificate Issuer data for HTTPS traffic to 220.127.116.11?
Use the file from Evil Corp's Child.
Continuing to use the Zeek logs generated during “Evil Corp's Child 1 I extract the destination IP and the “subject” attribute from the SSL certificates (which will contain the locality attribute) and search for the provided IP.
$ cat ssl.log | /opt/zeek/bin/zeek-cut id.resp_h subject | grep -F "18.104.22.168" 22.214.171.124 CN=Inawe0deouna.pics,O=Bulloccea B.M.,L=Mogadishu,C=SO 126.96.36.199 CN=Inawe0deouna.pics,O=Bulloccea B.M.,L=Mogadishu,C=SO
The complete flag is