That’s called spoofing. In this case they try to start a DNS amplification attack where a few Bits can be amplified up to Gigabits
Attacker sends a small amount of packets to a few (infected) systems. They again send requests to more systems. Once there’s enough bandwidth power, the source IPs will be replaced (spoofed) with the desired target IP. In this case 18.104.22.168.
Al those machines send tons of requests to thousands of IP addresses on port 53. Misconfigured DNS servers will answer to those requests with a few bits. Summarized they will hit the target (22.214.171.124) with hundreds of MBit/s or Gbit/s.
This will cause a Denial of Service or at least overutilization of the target’s network slowing down the responses of 126.96.36.199
They tried to use your connection as a part of an amplification attack.