Skip to content
PhantomOps Docs

Troubleshooting

When something goes wrong, start with the symptom you’re seeing on the project card or in the scan. Most issues have a clear in-app cause.

Project card shows “Needs plan”

Section titled “Project card shows “Needs plan””

The project has no plan slot assigned. Cannot run a full scan.

Fix: Select Assign plan on the project card and pick an unused slot. If none are listed, buy more from Settings → Billing.

Project card shows “Plan spent”

Section titled “Project card shows “Plan spent””

The assigned slot has been consumed by a previous scan. A consumed slot cannot be re-used.

Fix: Select Assign plan and pick another slot, or buy more.

Scan stays in “Scheduled” and never starts

Section titled “Scan stays in “Scheduled” and never starts”

The current time is outside the project’s working-hours window. The scan is waiting for the next opening.

Fix: Either wait, or change the window:

  • Open the project’s edit dialog or Settings tab.
  • Change Working hours to Scan anytime, or set a window that covers now.

If the scan still doesn’t fire after the window opens, restart it from the project’s Scans tab.

Scan stuck on “Awaiting credit confirmation”

Section titled “Scan stuck on “Awaiting credit confirmation””

The scan estimated it needs more credits than your current balance covers.

Fix: Top up purchased credits in Settings → Billing. The scan resumes automatically when the new balance lands. If you don’t want to spend more, cancel the scan from the Active Scan card.

See Credits for how the two credit pools work.

Scan stuck on “Estimating” or “Queued” for a long time

Section titled “Scan stuck on “Estimating” or “Queued” for a long time”

Briefly normal — early scan phases include attack-surface discovery and budget estimation, which can take a few minutes on large sites.

If it’s been more than 10 minutes: stop the scan from the Active Scan card in the sidebar, then re-launch. If the same scan stalls again on the same step, contact [email protected] with the scan ID.

Scan ended with “Error” or “Stopped”

Section titled “Scan ended with “Error” or “Stopped””

Possible causes:

  • Target was unreachable mid-scan (DNS, downtime, or firewall change).
  • Target’s WAF or rate-limit rules blocked the scanner. Lower the Rate limit in the wizard’s Configuration step and re-launch.
  • A credential expired mid-scan (common with cookies that have short TTLs).

Re-launch from the project card. If the run consistently fails at the same point, attach the scan ID and the Scan notes export to a support email.

Section titled “Cookie credential doesn’t seem to authenticate”

Most likely the captured cookie is not the right one or has expired.

Try this:

  1. Open the target site in incognito.
  2. Open DevTools → Application → Cookies.
  3. Manually paste the cookie value into the cookie row.
  4. Reload — if you land on the logged-in dashboard, the cookie is valid. If you’re redirected to login, it’s the wrong cookie or expired.
  5. If the cookie is valid in incognito but PhantomOps still scans unauthenticated, check that you saved it on the credential and not as a label. Re-create the credential and paste the value into the Cookie field.

See Credentials → Cookie for the full capture flow.

Scan ignores my out-of-scope patterns

Section titled “Scan ignores my out-of-scope patterns”

Possible causes:

  • The pattern is not a full http/https URL. Patterns must be absolute URLs, not relative paths.
  • The wildcard is in the wrong place. Only a single trailing * is allowed (e.g., https://app.example.com/admin/* is OK; https://app.example.com/*/admin is rejected).
  • The pattern excludes a URL the agent reaches via redirect — the redirect target may still be in scope.

Edit the patterns in Configure and launch → Out-of-scope URL patterns and re-launch.

Plan inventory didn’t update after Stripe checkout

Section titled “Plan inventory didn’t update after Stripe checkout”

The post-checkout poll on the Projects page should detect the new slots within a few seconds.

If it doesn’t:

  1. Refresh Settings → Billing. The Available stat card and inventory list are the source of truth.
  2. If still missing, wait 60 seconds — Stripe webhooks can occasionally lag.
  3. If still missing after 5 minutes, email [email protected] with the Stripe session_id from the URL.

Approvals keep expiring before I can review them

Section titled “Approvals keep expiring before I can review them”

The 5-minute approval window is fixed.

Try this:

  • Switch the project to Boss mode for in-scope dangerous actions you’re already comfortable with. Boss mode skips the manual approval and proceeds.
  • Add the noisy endpoints (logout, admin destructive actions, etc.) to Out-of-scope URL patterns.
  • Pin the Approvals page open while the scan runs.

Reports look outdated

Section titled “Reports look outdated”

Findings can change between scans, and the report is generated at scan completion. To regenerate after triage updates:

  • Open the project’s Overview tab.
  • Use Regenerate report on the Latest report card, or Regenerate Report in the in-app viewer.

Still stuck?

Section titled “Still stuck?”

Email [email protected] with:

  • The project ID (from the URL /projects/<id>).
  • The scan ID if applicable.
  • A short description of what you expected and what happened.

Including the scan notes export (Scans tab → expand the run) speeds up diagnosis.