Donate

T-Mobile US network profile

US Mobile provider in United States. Major US mobile carrier with nationwide 5G and mobile broadband traffic.

T-Mobile US is one of the major US Mobile providers tracked in this directory, with operations in United States. This profile page covers T-Mobile US's primary ASN references (AS21928), common coverage locations, and the diagnostic context most useful when an IP lookup, ASN result, or traceroute attributes a public address to T-Mobile US. Use it as a starting point for ASN, WHOIS, and reverse DNS validation rather than as a standalone proof of identity or location.

At a glance

Provider
T-Mobile US
Category
US Mobile
Country/Region
United States
Known ASNs
AS21928

How to use this page

Use this profile when an IP lookup shows T-Mobile US or a related ASN. It gives quick context before deeper routing and ownership checks.
  • Map the IP to ASN in the ASN lookup tool.
  • Validate reverse DNS and WHOIS ownership details.
  • Compare with blacklist status for reputation checks.

Common coverage locations

T-Mobile US investigation notes

US mobile carriers commonly route traffic through shared gateways and carrier-grade NAT, which makes city-level precision weaker than the carrier and ASN match itself.

T-Mobile US traffic frequently exits through shared gateway infrastructure, so broad location drift is expected and the carrier plus ASN usually matter more than PTR wording.

  • For mobile networks, broad geolocation and gateway-style hostnames are normal and should not be over-read.
  • Start with AS21928 as the expected ASN family before assuming the provider result is final.
  • When the decision is important, combine T-Mobile US with reverse DNS, WHOIS / RDAP, and blacklist context instead of relying on one data source.

T-Mobile US troubleshooting workflow

Start with IP to ASN mapping, then verify reverse DNS and WHOIS ownership. For email and abuse workflows, add blacklist checks to assess IP reputation signals around T-Mobile US traffic.

T-Mobile US: the third major US wireless carrier after the Sprint merger

T-Mobile US is one of the three nationwide US wireless carriers, serving roughly 100 million postpaid and prepaid customers across the country. The current shape of the company emerged from the April 2020 merger with Sprint Corporation, which combined two previously independent carriers into a single network with substantially more spectrum and a much larger subscriber base. T-Mobile US is headquartered in Bellevue, Washington, and is majority owned by Deutsche Telekom AG through its DT Capital holdings.

The Sprint merger reshaped the US wireless market and still affects IP attribution on T-Mobile addresses today. Sprint’s legacy CDMA network has been decommissioned and the customer base migrated to T-Mobile’s GSM and 5G core, but inherited Sprint allocations and a portion of the original Sprint engineering footprint remain visible in the unified network. For IP investigation work, the post-merger T-Mobile is a single operator from a routing perspective despite the historical complexity of the merged entity.

AS21928 and the T-Mobile routing architecture

The dominant ASN for T-Mobile US mobile traffic is AS21928, registered as T-Mobile USA Inc. AS21928 announces a substantial share of consumer wireless traffic exiting the T-Mobile network. Inherited Sprint allocations historically appeared under AS1239 and adjacent ASNs that the merger consolidated into the T-Mobile group; Sprint-specific routing has become rare in current public lookups as integration has progressed. T-Mobile Home Internet customers, served via 5G fixed wireless on the same underlying mobile network, also announce through these wireless-side ASNs rather than from a separate wireline allocation.

The mobile-only structure means a T-Mobile lookup returns wireless ASN context regardless of whether the underlying customer is a smartphone user, a Home Internet subscriber, or a tablet on a separate data line. The ASN alone does not distinguish the use case. Cross-checking through ASN Lookup confirms the wireless identity, but additional signals (CGNAT behavior, geolocation precision, source-port distribution) are needed to infer specific product usage on the T-Mobile network.

CGNAT, packet-gateway concentration, and mobile-IP behavior

T-Mobile uses carrier-grade NAT extensively for consumer wireless and fixed-wireless traffic. Most T-Mobile customers share public IPv4 addresses with hundreds or thousands of other subscribers at any given moment, with the carrier translating between private inside addresses and shared outside addresses at packet gateways concentrated in a small number of metro POPs per coast. The architecture maximizes IPv4 efficiency while producing well-known operational consequences: inbound connections to T-Mobile addresses do not traverse the CGNAT layer easily, peer-to-peer applications behave differently than on wireline broadband, and traditional port forwarding is not available as a customer option.

The packet-gateway concentration is the source of the most common T-Mobile lookup artifact: geolocation that maps to a region rather than to a specific city. A T-Mobile user physically in a small town often appears in lookups as the nearest major metro because the gateway serving their region is located there. The same user roaming a hundred miles may still appear as the same metro because the gateway assignment did not change. For investigations that depend on physical location precision, T-Mobile mobile addresses are among the least useful US wireless signals - device GPS or application telemetry produces meaningfully more accurate location than the IP can.

5G deployment leadership and the 2.5 GHz advantage

T-Mobile holds the largest mid-band 5G spectrum footprint in the United States, anchored on the 2.5 GHz band acquired through the Sprint merger plus additional 600 MHz low-band coverage and recent C-band acquisitions. The Ultra Capacity 5G marketing brand refers specifically to the mid-band 2.5 GHz network that provides much higher throughput than low-band 5G or 4G LTE. This spectrum position made T-Mobile the first US carrier to offer nationwide 5G at meaningful speeds and remains the most consequential competitive advantage produced by the Sprint merger.

The 5G architecture affects IP-level behavior indirectly. T-Mobile customers connected to Ultra Capacity 5G see lower latency and higher throughput than the same customers on 4G LTE or low-band 5G. For VPN and privacy work, this means a T-Mobile connection running through a VPN behaves more consistently from the throughput side when the underlying coverage is mid-band 5G. Performance degradation that appears VPN-related on T-Mobile may actually reflect 5G coverage transitions rather than tunnel issues. Confirm coverage tier before drawing VPN-related performance conclusions on this network.

T-Mobile Home Internet and the fixed-wireless lookup case

T-Mobile Home Internet is a 5G fixed-wireless home broadband product targeting customers in areas where wireline service is unavailable, slow, or expensive. The product launched in 2021 and has grown rapidly, reaching several million subscribers within a few years. The IP-level behavior is distinctly cellular rather than wireline: addresses announce from the same wireless ASNs as smartphone customers, CGNAT- style source-port distribution is common, and geolocation precision is tower-area rather than street-level.

An IP that appears in T-Mobile attribution with CGNAT behavior, residential-style usage patterns (long- running connections, heavy streaming, larger evening throughput), and no consistent PTR is very likely a Home Internet customer rather than a traditional mobile user. The lookup distinction is not always clear from the IP alone, but the product behavior produces signatures that differ from standard mobile use. For investigators, this matters because Home Internet customers tend to have more stable identity profiles than transient mobile sessions - a Home Internet user’s IP, while not unique to them, is more likely to consistently represent the same physical household over time than a smartphone user’s changing addresses.

MVNO ecosystem and the Mint Mobile acquisition

T-Mobile hosts a substantial MVNO ecosystem on its network. T-Mobile-owned brands include Metro by T-Mobile (formerly MetroPCS, acquired in 2013) and Mint Mobile (acquired in 2024). Independent MVNOs also ride on T-Mobile backhaul under wholesale arrangements, including Tello, Ultra Mobile, and Google Fi’s T-Mobile-served users. The MVNO presence means a T-Mobile-attributed IP may belong to a customer of one of these brands rather than to a direct T-Mobile subscriber, with no IP-level distinction between the two.

The wholesale relationships affect attribution work indirectly. A T-Mobile IP from a customer service perspective is the same as a Metro or Mint IP from a network perspective - they all exit through the same packet gateways and share the same address pools. For correlation across an MVNO customer’s sessions, account-level data from the MVNO brand is required; the network layer cannot distinguish the customer base. For abuse handling, T-Mobile’s abuse processes cover the entire network including MVNOs, with escalations routed to the underlying carrier rather than to the MVNO brand.

PTR conventions and the minimal-reverse-DNS pattern

T-Mobile, like most major US mobile carriers, does not configure detailed reverse DNS on most consumer mobile ranges. A typical T-Mobile customer IP returns no PTR record or a generic carrier-owned hostname that does not encode subscriber-identifying information. When PTRs exist, common patterns appear within the tmobile.com family or carrier-internal domains, typically with provisional naming that reflects packet-gateway or routing region rather than customer location.

The minimal-PTR behavior is structural to mobile networks and is not an investigative weakness specific to T-Mobile - all major US carriers behave similarly. For reverse-DNS-based investigation workflows, the practical implication is that PTR cannot be used as a T-Mobile attribution signal the way it can for residential cable or fiber. The clean signal is the ASN: AS21928 plus mobile-style traffic patterns plus CGNAT behavior identifies T-Mobile cellular service regardless of whether a PTR exists. For investigations that depend on hostname signals, mobile traffic generally requires application-layer evidence rather than network-layer PTR analysis.

IPv6 deployment on T-Mobile: native mobile dual-stack

T-Mobile was an early leader in mobile IPv6 deployment and operates one of the most mature IPv6 mobile networks in the world. The majority of consumer T-Mobile devices receive an IPv6 address natively from the cellular network, with IPv4 connectivity provided through 464XLAT translation at the carrier level. The architecture effectively runs the consumer-facing network on IPv6 while preserving compatibility with the IPv4 internet through translation gateways.

For privacy and VPN-related work on T-Mobile, the mature IPv6 deployment is consequential. A T-Mobile customer’s real network identity is dual-stack with IPv6 as the primary connectivity. VPN clients that tunnel IPv4 but not IPv6 produce significant leak surface on this network specifically because IPv6 is the dominant path. Our IPv6 leak test is particularly diagnostic on T-Mobile - leak signals are common and produce clear evidence that the VPN is not fully protecting the connection.

International roaming, 5G abroad, and the location-drift caveat

T-Mobile offers extensive international roaming through its Magenta and Go5G plans, with included data in over 200 countries. The roaming architecture routes international cellular traffic through T-Mobile’s home packet core via roaming partners’ networks abroad. For IP lookups, this produces a specific artifact: a T-Mobile customer roaming in Europe may appear in lookups as either the local country (when the foreign carrier’s SGi-LAN handles the traffic locally) or as the US T-Mobile network (when home-routed through T-Mobile’s core). Both patterns are legitimate roaming behavior.

The roaming complexity affects investigation work indirectly. A T-Mobile attribution on traffic that appears to originate from a non-US location does not necessarily indicate a VPN or anomaly - it may simply be a US customer roaming abroad with traffic routed back through the T-Mobile core. Cross-referencing roaming country signals against account billing country and recent travel history produces more reliable interpretation than IP location alone. T-Mobile international roaming is sufficiently widespread that "T-Mobile IP appearing internationally" is a routine traffic pattern rather than an unusual signal.

Investigation pitfalls specific to T-Mobile IP analysis

The largest specific limit on T-Mobile attribution is the structural anonymity produced by CGNAT and packet-gateway concentration. A T-Mobile public IP represents thousands of simultaneous subscribers, with the carrier’s internal CGNAT mapping required to identify which specific customer used which source port at which exact second. T-Mobile retains this mapping data for limited windows (typically 30 to 90 days), which is enough for routine law enforcement investigations but may not support older cases. For workflows that depend on attribution to a specific subscriber, the IP plus timestamp combination must be served on T-Mobile through proper legal process before the mapping expires.

Second-order T-Mobile attribution problems include the Home Internet versus mobile ambiguity (same network ASN, different products), the MVNO ecosystem (multiple consumer brands sharing identical network infrastructure), and the IPv6 preference that means IPv4 lookups capture only half of network identity. For investigations, the conservative rule is to treat any T-Mobile IP as a mobile-class signal requiring carrier-level mapping for specific attribution, with independent application-layer or account-level evidence required before drawing operational conclusions.

T-Mobile DNS resolvers and the encrypted-DNS preference

T-Mobile assigns its own DNS resolvers to consumer devices by default, typically 62.205.21.157 and adjacent T-Mobile- operated resolver IPs in older provisioning, with newer devices receiving carrier resolvers via DHCPv6. The carrier has also been an aggressive deployer of DNS over TLS and DNS over HTTPS on the consumer side, with many recent T-Mobile devices encrypting DNS queries by default to T-Mobile’s own resolvers. This architectural choice is operationally interesting because it limits visibility of customer DNS patterns to external observers while still concentrating resolver activity at the carrier level.

For VPN-related work, the encrypted-DNS preference produces specific testing behavior on T-Mobile. Customers running our DNS leak test from a T-Mobile connection without a VPN active will see T-Mobile resolvers in the result, which is the expected baseline. A VPN that does not capture DNS correctly continues to send queries to T-Mobile’s encrypted resolvers, producing a leak that is visible in the test results. The encrypted nature of the underlying queries does not prevent leak detection - the destination resolver is still T-Mobile’s, which is the signal that matters for privacy interpretation.

Quick reference summary for T-Mobile US lookups

The high-confidence T-Mobile identification recipe is AS21928 plus CGNAT-style source-port distribution plus mobile-class geolocation. That combination cleanly identifies T-Mobile cellular or Home Internet traffic. Mature native IPv6 deployment makes the network effectively dual-stack from the customer side. The MVNO ecosystem (Metro by T-Mobile, Mint Mobile, and independent partners) shares the same underlying network identity, so MVNO customers appear as T-Mobile at the network layer. Sprint legacy infrastructure has been largely consolidated into the unified T-Mobile network, with residual Sprint identifiers rare in current lookups. International roaming produces routine non-US geolocation for legitimately traveling customers. Specific subscriber attribution requires carrier-level CGNAT mapping through proper legal process - the public IP alone identifies the network, not the customer. For consequential workflows, layer the IP with application or account-level evidence rather than treating mobile attribution as a standalone identifier.

T-Mobile US FAQ

What ASN does T-Mobile US use?
T-Mobile US may use one or multiple ASNs depending on region and service type. This page lists common references for quick investigation.
Can T-Mobile US IP addresses change location results?
Yes. Geolocation can vary by database and routing design, especially on mobile or CGNAT-heavy networks.
How should I verify ISP ownership?
Cross-check ASN mapping with WHOIS/RDAP and reverse DNS to reduce false assumptions from one data source.
Is T-Mobile US enough to identify an exact user location?
No. The ISP name is provider context. Exact location and subscriber-level identity require stronger evidence than public lookup data can provide.
Why do T-Mobile US lookup results sometimes show nearby cities?
Provider aggregation, dynamic address pools, mobile gateways, and stale geolocation records can all make a correct ISP match appear under a nearby city.