diff --git a/opsec/anonymous_server_monitoring/index.html b/opsec/anonymous_server_monitoring/index.html
index d805e0e..1341c54 100644
--- a/opsec/anonymous_server_monitoring/index.html
+++ b/opsec/anonymous_server_monitoring/index.html
@@ -61,6 +61,7 @@
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
   					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/mulligan_sec.jpeg" width="50px" height="50px"> <ba>Mulligan Security - 2025-02-07 </a></p>
+                    <p>
           
                     <h1><b>Server Monitoring</b></h1>
 
@@ -103,6 +104,7 @@
 
 
                     A <b>fail-closed</b> system is what you should strive for: opsec best practices should be the default and if there's a technical issue preventing you from following them (attack on tor, flaky network, client or server-side misconfiguration) the system should prevent access at all in order to keep you safe.
+                    </p>
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
@@ -113,6 +115,7 @@
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
+                    <p>
                     <h1><b>Basic tools</b></h1>
 
                     Let's look at a cryptojacked server... In this case the intruder did not take any precautions or try to hide their activity. This often happens with basic scripts that scan the internet in large-scale low-cost credential stuffing attacks.
@@ -149,6 +152,7 @@
                     </ul>
 
           
+                    </p>
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->