What is the localityName in the Certificate Issuer data for HTTPS traffic to 22.214.171.124?
Use the file from Evil Corp's Child.
Continuing to use the Zeek logs generated during “Evil Corp's Child 1 I extract the destination IP and the “subject” attribute from the SSL certificates (which will contain the locality attribute) and search for the provided IP.
$ cat ssl.log | /opt/zeek/bin/zeek-cut id.resp_h subject | grep -F "126.96.36.199" 188.8.131.52 CN=Inawe0deouna.pics,O=Bulloccea B.M.,L=Mogadishu,C=SO 184.108.40.206 CN=Inawe0deouna.pics,O=Bulloccea B.M.,L=Mogadishu,C=SO
The complete flag is