I’ve had to carrier unlock two devices from T-Mobile. You’ve already returned it, but if anyone else faces a similar situation: for whatever godforsaken reason, DMing them on Twitter is the way that has always worked for me. There is back and forth, but usually they set you right.
Just download it from a third party and compare the checksum with the official information. Granted, the official checksums on their website are behind a few steps, but you already tried on public Wi-Fi - once you generate the link a “Verify your Download” section should appear.
Usually they just check your IP against a list of known VPN IP ranges. But they could also be blocking all IPs from data centers and only allowing residential IPs.
I’ve had to carrier unlock two devices from T-Mobile. You’ve already returned it, but if anyone else faces a similar situation: for whatever godforsaken reason, DMing them on Twitter is the way that has always worked for me. There is back and forth, but usually they set you right.