Skip to main content

Brand Colors

DNS Tool by IT Help San Diego Inc.

Canonical palette and standards-aligned color reference for design, engineering, and vendor handoff.

Standards Alignment

This page documents our brand identity palette alongside colors used for cybersecurity classification. Where formal specifications exist (e.g., FIRST TLP v2.0 defines exact hex values), we cite the standard directly. Where colors are industry convention rather than formal specification (e.g., CVSS severity colors used on NVD), we note that distinction honestly. Every claim on this page is independently verifiable via the linked sources.

Brand Palette

Core identity colors and surface tokens.
Background Primary
--bg-primary
#0d1117
Main application background. GitHub-dark aligned.
Background Secondary
--bg-secondary
#161b22
Elevated surfaces, code blocks.
Background Tertiary
--bg-tertiary
#21262d
Cards, modals, elevated containers.
Background Elevated
--bg-elevated
#30363d
Highest elevation surfaces.
Text Primary
--text-primary
rgba(230,237,243,0.9)
Off-white for reduced eye strain. ~#e6edf3 at 90%.
Text Secondary
--text-secondary
rgba(139,148,158,0.9)
Muted/secondary text.
Border Default
--border-default
#30363d
Standard borders.
Border Muted
--border-muted
#21262d
Subtle dividers.
Info Blue
--status-info
#58a6ff
Primary accent. Links, buttons, informational badges.

Status & Severity Colors

Analysis indicators across all reports.
Success
--status-success
#3fb950
Verified, safe, pass indicators. 20% desaturated for professionalism.
Warning
--status-warning
#e3b341
Caution, review needed. Optimized amber for WCAG AA contrast on dark backgrounds.
Danger
--status-danger
#f85149
Critical, fail, error indicators. 20% desaturated for professionalism.
Info
--status-info
#58a6ff
Informational, neutral-positive states.
Neutral
--status-neutral
#8b949e
Inactive, secondary, not-applicable states.

Surface Tints

Background tints at 15% opacity for severity rows and badges.
Success Surface
--status-success-bg
rgba(63,185,80,0.15)
Background tint for success states.
Warning Surface
--status-warning-bg
rgba(227,179,65,0.15)
Background tint for warning states.
Danger Surface
--status-danger-bg
rgba(248,81,73,0.15)
Background tint for danger states.
Info Surface
--status-info-bg
rgba(88,166,255,0.15)
Background tint for info states.

Traffic Light Protocol (TLP) v2.0

Information sharing classification.
FIRST CISA

Colors specified by FIRST (Forum of Incident Response and Security Teams). Adopted by CISA on November 1, 2022. DNS Tool defaults to TLP:AMBER for all reports — security posture data may reveal actionable vulnerabilities.

TLP:RED
.tlp-badge-red
#FF2B2B
For named recipients only. No further disclosure.
FIRST TLP v2.0
TLP:AMBER
.tlp-badge-amber
#FFC000
Limited disclosure within organization and clients. Default classification for DNS Tool reports.
FIRST TLP v2.0
TLP:AMBER+STRICT
.tlp-badge-amber-strict
#FFC000
Limited to organization only, no client sharing.
FIRST TLP v2.0
TLP:GREEN
.tlp-badge-green
#33A532
Community-wide sharing permitted.
FIRST TLP v2.0
TLP:CLEAR
.tlp-badge-clear
#FFFFFF
Unlimited disclosure. White text on dark background, bordered on light.
FIRST TLP v2.0

CVSS v3.1 Severity Scale

Vulnerability scoring color alignment.
FIRST NIST NVD

Score ranges formally specified by FIRST CVSS v3.1. Colors are not part of the CVSS specification — they are de facto industry convention derived from the NIST NVD implementation and widely adopted across security tooling. Used for posture scoring and risk-level badges throughout reports.

Critical (9.0–10.0)
.u-severity-critical
#cc0000
Score range specified by FIRST CVSS v3.1. Color derived from NVD implementation convention.
Ranges: FIRST CVSS v3.1 | Colors: NVD convention
High (7.0–8.9)
.u-severity-high
#df3d03
Score range specified by FIRST CVSS v3.1. Color derived from NVD implementation convention.
Ranges: FIRST CVSS v3.1 | Colors: NVD convention
Medium (4.0–6.9)
.u-severity-medium
#f9a009
Score range specified by FIRST CVSS v3.1. Color derived from NVD implementation convention.
Ranges: FIRST CVSS v3.1 | Colors: NVD convention
Low (0.1–3.9)
.u-severity-low
#ffcb0d
Score range specified by FIRST CVSS v3.1. Color derived from NVD implementation convention.
Ranges: FIRST CVSS v3.1 | Colors: NVD convention
None (0.0)
.u-severity-none
#53aa33
Score range specified by FIRST CVSS v3.1. Color derived from NVD implementation convention.
Ranges: FIRST CVSS v3.1 | Colors: NVD convention

Documentation & Citation Standard

Governing style for all reports, briefs, and output.
NIST SP 800 IEEE Citations

All DNS Tool documentation, intelligence reports, and executive briefs follow NIST Special Publication 800-series conventions for structure and tone, augmented with IEEE-style numbered citations for RFC and protocol references.

Document Structure (mirrors NIST SP 800-53, 800-171)
  1. Summary
  2. Findings
  3. Evidence
  4. Impact
  5. Recommendations
Style Rules
  1. Tone: Authoritative, observation-based, factual. No hedging language. Direct statements of observed state.
  2. Technical references: IEEE-style numbered citations for RFCs, NIST SPs, and protocol standards (e.g., [1] RFC 7489, [2] NIST SP 800-177).
  3. Terminology: Use NIST/CISA vocabulary — "control", "finding", "observation", "recommendation", "risk level" — not academic terms like "hypothesis" or "methodology".
  4. Report titles: Intelligence-community format: "DNS Intelligence Report" / "DNS Intelligence Brief" (not "Analysis" or "Study").
  5. Visual identity: The NIST standard governs content structure and citation format, not visual design. Dark theme, hacker-culture fonts, and brand palette remain unchanged.
  6. Classification: FIRST TLP v2.0 remains the information sharing framework. Default: TLP:AMBER.

Why NIST over APA/Chicago? APA and Chicago are academic and publishing standards — they read as humanities or social science, not security operations. NIST SP 800-series is the native language of the cybersecurity community this tool serves: NIST, CISA, RFC authors, and enterprise security teams. IEEE citation format is adopted only for numbered protocol references within the NIST document structure.

The Owl Semaphore

Four states of knowledge — the Klein four-group V₄, a subgroup of O(2).

The Owl of Athena encodes semantic state through orientation and color. The four transforms form the Klein four-group V₄ — the smallest non-cyclic group, where every non-identity element is its own inverse.

Normative Standard — gold owl on dark, gold outer ring

NORMATIVE

T = I   det = +1

(x, y) → (x, y)

“This is the standard.”

Non-Normative Standard — teal owl on cool gray, teal outer ring

NON-NORMATIVE

T = σv   det = −1

(x, y) → (−x, y)

“This reflects the standard.”

Critical Standard — red owl on warm red, red outer ring

CRITICAL

T = C2   det = +1

(x, y) → (−x, −y)

“This inverts the standard.”

Metacognitive Standard — amethyst owl on deep violet-black

METACOGNITIVE

T = σh   det = −1

(x, y) → (x, −y)

“This audits the standard.”

Redundant encoding: Color + orientation + context label. The semaphore remains readable under color vision deficiency, small render sizes, and contexts where any single channel is degraded.

Standards mapping: Normative = RFC 2119 MUST/SHALL. Non-normative = Informative/NOTE. Critical = CVE/Security advisory. Metacognitive = Observer audit/Frame inversion.

Usage Rules

Palette governance for consistent output.
  1. Standards-specified colors are non-negotiable. TLP colors must match the FIRST TLP v2.0 specification exactly — they are protocol requirements, not brand choices. CVSS severity colors follow NVD convention for ecosystem consistency.
  2. Status colors follow GitHub-dark conventions with 20% desaturation for professional appearance on dark backgrounds.
  3. Surface tints use 15% opacity of their parent color to maintain readability while providing visual grouping.
  4. WCAG AA minimum contrast is maintained across all text/background combinations. Executive print reports use minimum 11pt body text.
  5. No ad-hoc colors. All new colors must be documented here with their token name before use in production.
  6. TLP:AMBER is the default report classification per CISA Cyber Hygiene practice — security posture data may reveal actionable vulnerabilities.

DNS Tool v26.45.09 · IT Help San Diego Inc. · Colors last verified February 2026

Straight talk about your data.

We use two cookies, both essential:

  • _csrf — Prevents cross-site request forgery. Required for form submissions. Security-only.
  • _dns_session — Only exists if you choose to sign in. No account required to use DNS Tool.

We log your IP address for two reasons: rate limiting (so nobody abuses the service) and security (identifying malicious actors and complying with legal obligations). We check source geography for analysis accuracy — DNS responses vary by region, and knowing which resolver answered from where makes the science better.

No tracking cookies. No analytics cookies. No ad networks. No data brokers. Our code is open-core — the application framework is publicly available under BUSL-1.1 with timed Apache-2.0 conversion. Verify it yourself.

If you create an account and want out, account deletion removes your login and scan history. Public domain analyses remain available because they contain only public DNS records, already hashed. Full details: Privacy Policy.

Copied!