I never go deep into csrf protection with F5 actually. Looking a this page could be a good start : https://support.f5.com/csp/article/K11930
CSRF violations
When the system detects a CSRF attack on a protected page, such as a request for a URL that does not include the appropriate token, the system issues a CSRF attack detected violation.
To prevent token hijacking, the system also supports token aging. If the token is expired, the system issues a CSRF authentication expired violation.
Looking at your URL, there is no token in the URL of the request that are send when you send ant attack, and there is one when you send a legitimate request. When it could be related to expiration in this token.
Cheers,
Sam