In short, it was due to another abuser using the safe to host full-length anime episodes and tv shows.
This time the files appeared to be hosted in a popular site or something, as it easily brought the safe to over 17k requests in 30 minutes (it lasted for a couple hours), and network output capping at 265Mbps.
For the curious, that was roughly 4 times our average traffic (both requests and network output).
Main reason of the overload was network bottleneck. CPU, memory, and whatever other nonsense weren't really being burdened that much. It just couldn't allocate enough network speed for everyone else. (Correction on Part 2)
With that said, I've banned the user and deleted all of their files (cause as I've repeatedly mentioned, full-length anime epidoes or tv shows are no-no). In total they were 170 files at around 45 GiB.
Check out the takedown logs for specific file names.
Geez. Just pay for your own video hosting.
Other than that, I had also installed GoAccess to better analyze my nginx's access logs from now on.
With it I can finally analyze which files are using the most bandwidth and whatever other nonsense, and it works from the terminal too! Pretty HTML dashboard is a bonus.
I previously merely used Nginx Amplify for overall analytics, but it couldn't really tell me which files were using the most bandwidth and all that jazz. Still, it was pretty good.
Anyway, that's all. See ya folks.