I am talking about some way to report it (without exposing my identity - using Tor browser) or let it be shutdown.
Related Tor FAQ: https://support.torproject.org/abuse/#abuse_remove-content
Report1: https://report.cybertip.org
Report2: https://www.iwf.org.uk/en/uk-report/
Report3: https://www.inhope.org/EN#hotlineReferral
Here is how to report bad site, in case you find any clearnet traces on the .onion site, incl. email address.
In this particular case, I have been able to spot the ODER/BUY NOW link which lead to a clearnet site. Within a second, it then redirected to a onion site, where I have found an e-mail address. So i had 2 ways to report this (clearnet website and an e-mail).
So run whois lookup (for example at https://who.is/whois/ for mentioned clearnet redirect domain name) and inside the output, discover which nameservers/hosting company it is using. Since it has been using Cloudflare, I have submitted the report form on Cloudflare site. Second thing is that e-mail address the paedopile worm provided on the site. I could visit that email service domain to find abuse contact. I have written steps on how i have discovered the initial link and found the e-mail so they can verify the case.
Do you know other way when you do not find any clearnet traces?
Honestly, for me, I’d refer this to law enforcement. I don’t know what country you’re in, but in the US, I’d go with the FBI.
Yea why would that be a matter of “hit report button”? This is proper crime, you won’t ever do better than the intelligence agencies can.
I think the issue is that by reporting this to law enforcement, you are admitting you have accessed and viewed CP.
A significant percentage of LEO’s are conservatives. They bring their personalities to the job and can decide to charge people, even when it’s not perfectly within the spirit of the law. It’s safer to remain anonymous and let the companies make that LEO contact.
Don’t ever trust a conservative with a badge, no matter what agency employs them.