The obfuscated JS is enclosed in “<!–2d3965–>” and “<!–/2d3965–>” tags.
De-obfuscated JS checks a cookie value to determine if the page was loaded in the browser previously. If the code is being loaded for the first time, it then creates a cookie called “visited_uq” which is set with a value of “55” for one day with a path of ‘/’. It then calls function which creates an iFrame.
The following code performs an iFrame redirection to “hxxp://ecurie80.hostzi.com/Felenne12/clik.php”