Several questions:
1 - Did you intentionally put "false" as a third parameter to .open()? You should immediately set it to "true"
2 - Is http://www.ssicat.com the same domain, subdomain and protocol the current page has been served from? I am asking this because otherwise it would be a cross domain request that would require the server to send a specific response header (Access-Control-Allow-Origin) in order to allow requests from other origins :-)
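
The origin comparison raised in question 2, as an added example that is not part of the original post: it goes slightly beyond the post by also comparing the port, which browsers include in the origin alongside protocol and host. The function names and every URL other than http://www.ssicat.com are assumptions constructed for illustration, and only simple (non-preflighted) requests are modelled.

```javascript
// Added example: models how a browser decides whether page script may read
// an XMLHttpRequest response. Helper names are hypothetical.

// Serialized origin = scheme + host + port (default ports are normalized away).
function originOf(url) {
  return new URL(url).origin;
}

// True when both URLs share protocol, full host name (subdomain included) and port.
function isSameOrigin(pageUrl, targetUrl) {
  return originOf(pageUrl) === originOf(targetUrl);
}

// acaoHeader: value of Access-Control-Allow-Origin in the response, or null if absent.
// withCredentials: mirrors xhr.withCredentials on the request.
function canReadResponse(pageUrl, targetUrl, acaoHeader, withCredentials = false) {
  if (isSameOrigin(pageUrl, targetUrl)) {
    return true; // same-origin requests need no CORS header
  }
  if (acaoHeader == null) {
    return false; // cross-origin and the server did not opt in
  }
  const value = acaoHeader.trim();
  if (value === "*") {
    // The wildcard is rejected for credentialed requests.
    return !withCredentials;
  }
  // Otherwise the header must carry exactly the requesting page's origin.
  return value === originOf(pageUrl);
}

// Constructed sample: a page on a different host calling http://www.ssicat.com.
const page = "http://app.example/index.html";
const target = "http://www.ssicat.com/data";
console.log(isSameOrigin(page, target));                          // cross-origin
console.log(canReadResponse(page, target, null));                 // no header sent
console.log(canReadResponse(page, target, "http://app.example")); // explicit opt-in
```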