I would like to find out when the 2 sites listed below were classified as malicious sites.

One of our systems was infected when the user opened up a pdf file sent via email. The pdf was embedded with 2 malicious sites.
Once the user opened up the pdf, a link popped up asking for the user’s id and password, which the user entered.
Soon after that, the email client on the system sent out hundredths of emails to all in the address book.

https://edscovn.com/firstam/files/index.php

https://siemenasrmaad.date/office/safeopen

Does anybody know anything about the sites listed above, and if so when were they identified as malicious.

Blacklisted
https://www.virustotal.com/#/url/7b438f5111fc8bf73b6eaa9213b06f91ebaa6842a1fc4bcec5f0867baf8140d5/detection

Blacklisted
https://www.virustotal.com/#/url/b0273dafdf71d4acaeb5f79fb1ecf52a867e59187dc0f995d6fa8a805dcb0b9d/detection

Both URLs resolve to same IP
IP history >> https://www.virustotal.com/#/ip-address/185.141.25.242

One of our systems was infected when the user opened up a pdf file sent via email.

You can forward suspicious mail(s) including any attachment here >> sanitize@metadefender.com After 10 minutes you recive a mail with the scan result

They are also being blocked as dangerous by Google Safebrowsing.
PHISHING etc.: https://aw-snap.info/file-viewer/?protocol=secure&tgt=edscovn.com%2Ffirstam%2Ffiles%2Findex.php&ref_sel=GSP2&ua_sel=ff&fs=1
&
https://aw-snap.info/file-viewer/?protocol=secure&tgt=siemenasrmaad.date%2Foffice%2Fsafeopen&ref_sel=GSP2&ua_sel=ff&fs=1

Risk status 7 red out of 10: http://toolbar.netcraft.com/site_report?url=https://edscovn.com
100/100% malicious → https://zulu.zscaler.com/submission/fbcdc0b6-e99c-49ee-9b0d-68a6cd33dfba
as well as this one 100/100% malicious: https://zulu.zscaler.com/submission/c52195d2-6fd9-4bed-8a92-8326a93fa437

No doubt about this being phing sites,

polonus