diff --git a/README.md b/README.md
index d4a5dba..df8e5b4 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ All data here is **metadata only**. No raw logs, PCAPs, or sensitive artifacts a
 
 ## Intended Use
 - Ingest `iocs.csv` into monitoring tooling, SIEM rules, DNS tracking, or threat-hunting routines.  
-- Apply `blocklist.txt` for defensive blocking or sinkholing.  
+- Apply `blocklist.csv` for defensive blocking or sinkholing.  
 - Consult `key_hits.txt` to track behaviors or patterns: shell anomalies, proxy/tunnel strings, beacon pulses.