It turns out that the suspicious activity is from an app called Mi Home (米家) from Xiaomi. As such it is natural for that said “GET /cgi-bin/luci/api/xqsystem/init_info HTTP/1.1″ part to appear.
I checked the related Apache web log earlier after I turned up my Samsung A31 first and then fired up the said app a few minutes later to verify my suspicion.
Case solved.