I am talking about some way to report it (without exposing my identity - using Tor browser) or let it be shutdown.
Related Tor FAQ: https://support.torproject.org/abuse/#abuse_remove-content
Report1: https://report.cybertip.org
Report2: https://www.iwf.org.uk/en/uk-report/
Report3: https://www.inhope.org/EN#hotlineReferral
Here is how to report bad site, in case you find any clearnet traces on the .onion site, incl. email address.
In this particular case, I have been able to spot the ODER/BUY NOW link which lead to a clearnet site. Within a second, it then redirected to a onion site, where I have found an e-mail address. So i had 2 ways to report this (clearnet website and an e-mail).
So run whois lookup (for example at https://who.is/whois/ for mentioned clearnet redirect domain name) and inside the output, discover which nameservers/hosting company it is using. Since it has been using Cloudflare, I have submitted the report form on Cloudflare site. Second thing is that e-mail address the paedopile worm provided on the site. I could visit that email service domain to find abuse contact. I have written steps on how i have discovered the initial link and found the e-mail so they can verify the case.
Do you know other way when you do not find any clearnet traces?
Honestly, for me, I’d refer this to law enforcement. I don’t know what country you’re in, but in the US, I’d go with the FBI.
Yea why would that be a matter of "hit report button"? This is proper crime, you won't ever do better than the intelligence agencies can.