Is this GET request malicious to XenForo 2?

[ShikiSuen]

I wonder whether the AAPanel Enterprise Firewall is too sensitive...
(This is my friends' site. I am helping him checking the web security logs.)

GET /service_worker.js HTTP/1.1
accept-language:zh-cn
accept:*/*
service-worker:script
referer:
host:DOMAIN_CENSORED_PER_REQUEST_FROM_SITEMASTER.XXX
origin:https://DOMAIN_CENSORED_PER_REQUEST_FROM_SITEMASTER.XXX
cookie:xf_lfs_group_threads_selected_tab=hottest_threads; xf_session=vGGv2_qPZMf-_uKt7C1Fa4vKmjoimDVn; xf_user=2905%2Ca8BZiNS6uRTNgS8KrbpnrGJ9lhFPeT_Q3lqLYH0h; xf_csrf=yfppkkdqyDIzXdQT; xf_from_search=baidu; xf_language_id=2
accept-encoding:gzip, deflate, br
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15

 

[ShikiSuen]

It looks like this might be an innocent case since the IP matches a registered user.
Is this because that the "select" and "from" triggered the AAPanel MySQL Security? (I just guess.)

 

[ShikiSuen]

Temporarily disabling the AAPanel built-in "non-browser" filter due to oversensitivity.

 

[Chris D]

Looks like it is picking up the word “from” inside the xf_from_search cookie.

That’s a default XF cookie so nothing to worry about.