The router’s config and routing tables (if preserved) would answer the question of whether or not the Domain machines were connected to the internet. As a bonus, we’d also know the source and destination of unauthorized TX and RX traffic.
I speculate that the config had lines that directed traffic to certain addresses. That is what they are hiding.