From 27f68826849ab0ec7f32a618f7a02a10ec810b71 Mon Sep 17 00:00:00 2001
From: gitea <gitea@thisisfake.lol>
Date: Fri, 20 Feb 2026 19:59:16 +0000
Subject: [PATCH] docs: add scan results screenshot

---
 README.md    | 2 ++
 USERGUIDE.md | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/README.md b/README.md
index f6864fd..c576465 100644
--- a/README.md
+++ b/README.md
@@ -105,6 +105,8 @@ See **[USERGUIDE.md](USERGUIDE.md)** for a plain-English walkthrough of every da
 
 ![Filter tabs](Screenshots/Filter%20Tab%20Row.png)
 
+![Scan results](Screenshots/Scan%20Results.png)
+
 ![Live log stream](Screenshots/Scan%20Log%20Stream.png)
 
 ---
diff --git a/USERGUIDE.md b/USERGUIDE.md
index 1ff07af..0353632 100644
--- a/USERGUIDE.md
+++ b/USERGUIDE.md
@@ -102,6 +102,8 @@ Actions available here:
 ## Scan
 
 
+![Scan results](Screenshots/Scan%20Results.png)
+
 The Scan reads your NPM access logs and surfaces IP addresses that are behaving suspiciously but haven't been banned yet. Click **`[SCAN]`** in the filter tabs to run it.
 
 It looks for IPs that are: