Good advise Rod, as usual... couple of additional suggestions...
Since the network, more accurately the Comcast provided broadband router is suspect, maybe erase/restore should be done in a different network, preferably not with Comcast. Doing so would eliminate the network as the source of the issue.
Alternatively, there's no reason for not checking/removing Pegasus on the devices. This has been made easy by forensic acquisition tools, like
Mobile Verification Toolkit (MVT) (freeware) and
iMazing (license-ware). The guide for using these tools, the short and sweet version is here:
Are you looking for ways to remove Pegasus Spyware from android and iPhone? Check out this post that contains every information on Pegasus.
www.geekman.in
Tested my iPhone with iMazing had been easy, just couple of clicks and iMazing actually runs the MVT scripts behind the clicks in the background. The result was pretty much clean, with one warning:
See, there's some use for iMazing after all...