Good Job! It looks like you accidently disclosed the target in your XSS pop-up :)