I am talking about some way to report it (without exposing my identity - using Tor browser) or let it be shutdown.

Related Tor FAQ: https://support.torproject.org/abuse/#abuse_remove-content

Report1: https://report.cybertip.org

Report2: https://www.iwf.org.uk/en/uk-report/

Report3: https://www.inhope.org/EN#hotlineReferral

Here is how to report bad site, in case you find any clearnet traces on the .onion site, incl. email address.

In this particular case, I have been able to spot the ODER/BUY NOW link which lead to a clearnet site. Within a second, it then redirected to a onion site, where I have found an e-mail address. So i had 2 ways to report this (clearnet website and an e-mail).

So run whois lookup (for example at https://who.is/whois/ for mentioned clearnet redirect domain name) and inside the output, discover which nameservers/hosting company it is using. Since it has been using Cloudflare, I have submitted the report form on Cloudflare site. Second thing is that e-mail address the paedopile worm provided on the site. I could visit that email service domain to find abuse contact. I have written steps on how i have discovered the initial link and found the e-mail so they can verify the case.

Do you know other way when you do not find any clearnet traces?