mega.nz Traffic

Anvilogic Forge

Summary
This detection rule monitors web traffic to the cloud storage service mega.nz (and its alternative domain mega.co.nz). The use case is identifying threat actors who use Mega.nz for command and control (C2): malware fetching instructions, downloading additional tooling, or exfiltrating stolen data by uploading it to the service. Not every connection to Mega.nz is malicious, since the service has legitimate users, so spikes in volume or unusual patterns (for example, a single host uploading a large amount of data) warrant further investigation. The rule runs in Splunk over web traffic data, filtering for entries whose destination matches the Mega.nz domains. It enriches the results with DNS lookups on the destination IPs to supply hostname information, plus geolocation data, so that analysts can contextualize the observed traffic.
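The matching and aggregation logic described above, re-implemented as a stand-alone Python script so it can be run over sample log lines offline. This is an added example, not the Anvilogic rule itself (which runs in Splunk) and not the project's code. The proxy log format (key=value fields named ts, src, dest_ip, url, bytes_in, bytes_out), the sample lines, the IP addresses, and the two thresholds are all constructed assumptions. It deliberately matches the destination host as a registered domain or subdomain of mega.nz / mega.co.nz rather than as a substring, because a substring match would also catch unrelated hosts such as omega.nz, lookalikes such as mega.nz.example.com, and URLs that merely carry "mega.nz" in a query string. The rule's DNS and geolocation enrichment is not reproduced here because it needs live lookups.

```python
"""Stand-alone re-implementation of the mega.nz traffic detection logic.

Added example, not the Anvilogic Splunk rule. It parses constructed proxy log
lines, matches destination hosts exactly against the Mega domains (domain or
subdomain, never a bare substring), and aggregates per source so that a volume
spike or a large upload can be flagged for investigation.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

MEGA_DOMAINS = ("mega.nz", "mega.co.nz")

# Assumption: thresholds are illustrative and must be tuned per environment.
UPLOAD_BYTES_THRESHOLD = 50 * 1024 * 1024   # flag >= 50 MiB sent to Mega
EVENT_COUNT_THRESHOLD = 3                   # flag >= 3 Mega requests per source

# Constructed sample lines (key=value proxy format, documentation-range IPs).
# Only the first three should match; the rest are deliberate near-misses.
SAMPLE_LOGS = [
    'ts=2025-02-20T10:00:01Z src=10.1.2.3 dest_ip=192.0.2.10 url="https://mega.nz/login" bytes_in=4100 bytes_out=512',
    'ts=2025-02-20T10:00:07Z src=10.1.2.3 dest_ip=192.0.2.11 url="https://g.api.mega.co.nz/cs?id=1" bytes_in=900 bytes_out=300',
    'ts=2025-02-20T10:05:13Z src=10.1.2.3 dest_ip=198.51.100.7 url="https://gfs123.userstorage.mega.co.nz/ul/abc" bytes_in=200 bytes_out=734003200',
    'ts=2025-02-20T10:06:00Z src=10.1.2.9 dest_ip=203.0.113.5 url="https://omega.nz/index.html" bytes_in=5000 bytes_out=100',
    'ts=2025-02-20T10:06:30Z src=10.1.2.9 dest_ip=203.0.113.6 url="http://mega.nz.example.com/?r=mega.nz" bytes_in=100 bytes_out=100',
    'ts=2025-02-20T10:07:00Z src=10.1.2.9 dest_ip=203.0.113.7 url="https://example.com/?next=https://mega.nz/" bytes_in=100 bytes_out=100',
]

# key=value pairs; values may be double-quoted (URLs contain '=' and spaces)
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def dest_host(url):
    """Extract the lowercase hostname from a URL ('' if there is none)."""
    return (urlsplit(url).hostname or "").lower()


def is_mega_host(host):
    """True only if host is a Mega domain or a subdomain of one.

    'omega.nz' and 'mega.nz.example.com' must not match, which a plain
    substring search (or an unanchored wildcard like *mega.nz* in SPL)
    would get wrong.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MEGA_DOMAINS)


def find_mega_events(lines):
    """Return the events whose destination host is a Mega domain."""
    events = []
    for line in lines:
        f = parse_line(line)
        if "url" not in f:
            continue
        host = dest_host(f["url"])
        if is_mega_host(host):
            events.append({
                "ts": f.get("ts"),
                "src": f.get("src"),
                "dest_ip": f.get("dest_ip"),
                "dest_host": host,
                "bytes_out": int(f.get("bytes_out", 0)),
            })
    return events


def summarize_by_source(events):
    """Aggregate Mega events per source host and attach investigation flags."""
    summary = defaultdict(lambda: {"count": 0, "bytes_out": 0,
                                   "dest_ips": set(), "flags": set()})
    for e in events:
        s = summary[e["src"]]
        s["count"] += 1
        s["bytes_out"] += e["bytes_out"]
        s["dest_ips"].add(e["dest_ip"])   # candidates for DNS/geo enrichment
    for s in summary.values():
        if s["bytes_out"] >= UPLOAD_BYTES_THRESHOLD:
            s["flags"].add("large_upload")   # possible exfiltration (T1567)
        if s["count"] >= EVENT_COUNT_THRESHOLD:
            s["flags"].add("volume_spike")   # possible C2 beaconing / tool fetch
    return dict(summary)


if __name__ == "__main__":
    for src, s in summarize_by_source(find_mega_events(SAMPLE_LOGS)).items():
        print(src, s["count"], s["bytes_out"], sorted(s["dest_ips"]), sorted(s["flags"]))
```

Running the script reports only 10.1.2.3, with three Mega requests, roughly 700 MB sent, and both flags set; the three near-miss lines from 10.1.2.9 are correctly ignored. The dest_ips set per source is the list an analyst would hand to the rule's DNS and geolocation enrichment step.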
Categories
  • Cloud
  • Web
Data Sources
  • Web Credential
  • Network Traffic
ATT&CK Techniques
  • T1105
  • T1071.001
  • T1567
Created: 2025-02-20