I can’t find anything suspicious in the index.html
Unity games run inside of an entire virtual machine with code stored in the binary files that are shipped along with your game, if there’s something malicious in your game then there’s a good chance the code for that is located within that binary file, and not sitting in plain sight in your index.html file.
Also it may simply be some shady ad, if you have integrated some in-game ad SDK
This seems like the most reasonable explanation