Rob
@robarnold.io
retired professional musician opinion haver
1 followers, 18 following, 11 posts
robarnold.io

Use haveibeenpwned.com to check an email address against the index of multiple data breaches (and dumps that aren't really breaches). The site used to let a domain security contact search for hits on their domain, but that is now a paid freemium feature that can cost quite a bit (fair value though).

Have I Been Pwned: Check if your email has been compromised in a data breach

Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

robarnold.io

Use zulu.zscaler.com to scan a site and score the risk. Several checks run that will teach you some things about the responses served, host checks, content checks, and URL checks, rolled up into a 0-100 risk score (that you can ignore because the fine-grained details are more helpful).

Zscaler | Zulu - URL Risk Analyzer

Zulu is a dynamic risk scoring engine for web based content.

robarnold.io

Use securityheaders.com to check a site's commitment to protecting the security of visitors by using modern headers constraining client behavior. Good headers can help mitigate XSS and other attacks.

Analyse your HTTP response headers

Quickly and easily assess the security of your HTTP response headers

robarnold.io

Use www.ssllabs.com/ssltest/ to check the TLS characteristics of your web server, and get actionable advice for improvements.

robarnold.io

Use radar.cloudflare.com for a dashboard of tools that includes several useful lookups. Try them all, but my go-to is the URL Scanner that gives a detailed report breaking down security and tech characteristics of a target you're studying.

Worldwide Insights | Cloudflare Radar

Up to date global Internet trends and insights.

robarnold.io

Use ipinfo.io to see location and owner data for IP addresses, really useful in enriching data you get while investigating incidents. This one is freemium--you get basic stuff free/anon, signing up gets you a few more fields and API access, and paid plans get bulk API use.

Trusted IP Data Provider, from IPv6 to IPv4

Get accurate IP address information with IPinfo. Trusted by 400,000+ users, we handle more than 40 billion API requests monthly. Sign up for free account today.

robarnold.io

Use talosintelligence.com/reputation_c... to get a gut check on the reputation of an email sender (what I use most), IP address, or a file. Helpful to see if a sender is on spam blocklists, or see factors that affect mail deliverability.

robarnold.io

Use www.virustotal.com/gui/home/upl... when you need a quick "does this look infected?" verdict that represents a consensus of several vendors. You can start with a file, file hash, or a URL, and learn quite a bit. There's some sandbox output in some cases that can help learn things.

robarnold.io

Use dnsdumpster.com when you need a simple way to do domain recon that is high level, and could surface interesting things to follow up. It won't tell you anything about reputation, but will show a lot of DNS info that lets you size up the security maturity of a subject domain.
