MODX
Ivan Petrov, 2021-05-12 17:48:07

I'm trying to understand: are these traces of brute force in the logs?

37.46.114.115 - - [25/Apr/2021:08:57:47 +0300] "GET /manager/ HTTP/1.0" 200 7386
37.46.114.115 - - [25/Apr/2021:08:57:49 +0300] "POST /manager/ HTTP/1.0" 200 7670
37.46.114.115 - - [25/Apr/2021:09:16:50 +0300] "GET /manager/ HTTP/1.0" 200 7386
37.46.114.115 - - [25/Apr/2021:09:16:51 +0300] "POST /manager/ HTTP/1.0" 302 -
37.46.114.115 - - [25/Apr/2021:09:16:52 +0300] "POST /manager HTTP/1.0" 301 244
37.46.114.115 - - [25/Apr/2021:09:16:53 +0300] "POST /manager/ HTTP/1.0" 200 23429
37.46.114.115 - - [25/Apr/2021:09:28:47 +0300] "GET /manager/ HTTP/1.0" 200 7386
37.46.114.115 - - [25/Apr/2021:09:28:48 +0300] "POST /manager/ HTTP/1.0" 200 7670
37.46.114.115 - - [25/Apr/2021:09:35:50 +0300] "GET /manager/ HTTP/1.0" 200 7386
37.46.114.115 - - [25/Apr/2021:09:35:51 +0300] "POST /manager/ HTTP/1.0" 200 7670


And there are many, many such lines between April 25 and May 1 from different IP addresses breaking into the /manager/ directory. As a result, the site was hacked. Does this mean that it was hacked with the help of brute force?
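One way to triage log lines like these, as an added example that is not part of the original post: it counts POSTs to the login path per IP and separates the repeated same-size 200 responses from the 302 redirect. It assumes that the most common 200 body size is the login form shown again after rejected credentials and that a 302 after a POST is an accepted login; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# The ten access-log lines from the question, with the stray spaces removed.
SAMPLE_LOG = """\
37.46.114.115 - - [25/Apr/2021:08:57:47 +0300] "GET /manager/ HTTP/1.0" 200 7386
37.46.114.115 - - [25/Apr/2021:08:57:49 +0300] "POST /manager/ HTTP/1.0" 200 7670
37.46.114.115 - - [25/Apr/2021:09:16:50 +0300] "GET /manager/ HTTP/1.0" 200 7386
37.46.114.115 - - [25/Apr/2021:09:16:51 +0300] "POST /manager/ HTTP/1.0" 302 -
37.46.114.115 - - [25/Apr/2021:09:16:52 +0300] "POST /manager HTTP/1.0" 301 244
37.46.114.115 - - [25/Apr/2021:09:16:53 +0300] "POST /manager/ HTTP/1.0" 200 23429
37.46.114.115 - - [25/Apr/2021:09:28:47 +0300] "GET /manager/ HTTP/1.0" 200 7386
37.46.114.115 - - [25/Apr/2021:09:28:48 +0300] "POST /manager/ HTTP/1.0" 200 7670
37.46.114.115 - - [25/Apr/2021:09:35:50 +0300] "GET /manager/ HTTP/1.0" 200 7386
37.46.114.115 - - [25/Apr/2021:09:35:51 +0300] "POST /manager/ HTTP/1.0" 200 7670
"""

# Common log format: ip ident user [time] "method path proto" status size
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]\n]+)\] "([A-Z]+) (\S+) [^"\n]*" (\d{3}) (\d+|-)$', re.M)

def login_posts(log_text, login_path="/manager/"):
    """Yield (ip, timestamp, status, size) for every POST to the login path."""
    for m in LINE_RE.finditer(log_text):
        ip, ts, method, path, status, size = m.groups()
        if method == "POST" and path.rstrip("/") == login_path.rstrip("/"):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when, int(status), None if size == "-" else int(size)

def summarize(log_text, login_path="/manager/"):
    posts = list(login_posts(log_text, login_path))
    # Assumption: the most frequent 200 body size is the re-rendered login form.
    sizes = Counter(size for _, _, status, size in posts if status == 200)
    rejected_size = sizes.most_common(1)[0][0] if sizes else None
    report = defaultdict(
        lambda: {"rejected": 0, "redirect_302": 0, "other": 0, "first_302": None})
    for ip, when, status, size in sorted(posts, key=lambda p: p[1]):
        row = report[ip]
        if status == 302:  # assumption: redirect after POST = accepted login
            row["redirect_302"] += 1
            row["first_302"] = row["first_302"] or when.isoformat()
        elif status == 200 and size == rejected_size:
            row["rejected"] += 1
        else:
            row["other"] += 1  # e.g. the 301 and the 23429-byte response
    return dict(report)
```

Run over the full April 25 to May 1 log, the per-IP `rejected` counts and the `first_302` timestamps show which addresses were guessing and when a login POST first stopped returning the form.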
