Indeed! There's unencrypted data sent, or posted, to xcorp.com without HTTPS that could be password information.
Don't you think that there may be unencrypted data in the tcp-http:80 traffic?