First of all you need to know that we are open-source service, and we can't afford special personal just for full-time abuse reading. In fact, this service not making any profit at all, but still need some money to run it.

Anyone can use this url-shortener to make redirect from shorter url located on hda.me/xxxxx to possibly any url. We didn't check original url, since this is against our and any reasonable private policy.

If you still willing to send abuse report to us after all, please use this template:

Email subject: Phishing report to hda.me

We discovered phishing link on yours website: https://hda.me/link35235
Could you delete or change this link, please?

Regards,
Name, Corporation.

Email for abuse: abuse@hda.me, and a copy to admin@hda.me, please.

By the way is better to check your security then deal with external resources if you give possibility to embed contents from remote resources or accept POST or another requests from * this is your problem. What can you do is:

Another more advanced options could be to enable certificate pinning (you can't fully use it with cheap or free CDN plans), enable DNSSEC (could be possible with cloudflare CDN) and TLSA records for your website. More interesting option will be two-factor authentication, or certificates for clients sign-in.