Bitdefender needs to get better at this type of scan.
An email to me, containing a PDF titled "Update Payment". The link in the PDF leads to: https://t.umblr.com/redirect?z=https%3A%2F%2Fsemuaakansepertisediakala.com%2F%3FSHUJigndwup&t=ZTVlOGExYzJhMzExZGNhMTZiNTNkOTAyNzBmYTQ2M2YzNDRkYjcxYiw5ODZjMTRiZTU2Yjg0NmE1ODM4OTVjYjE1NTQzYzk3YmU4OTY5YzVm
Multiple engines flagged this as phishing/trojans, but BitDefender let it thru. Also, it didn't find anything wrong with it when I saved it to disk and performed a manual scan.
The mail header was a complete mess as well.
==============================================
X-Eon-Dm: m0116959.ppops.net
Return-Path: <noreply.terimakasihataspemeberiannya8639245@indomiegoreng0002.com>
Received: from mail-lj1-f193.google.com (mail-lj1-f193.google.com [209.85.208.193])
by m0116959.mta.everyone.net (EON-INBOUND) with ESMTP id m0116959.5ef25225.548f61
for <myemail@here.com; Tue, 30 Jun 2020 11:37:18 -0700
Received: by mail-lj1-f193.google.com with SMTP id d17so9092301ljl.3
for <amazon@gl-us.net>; Tue, 30 Jun 2020 11:37:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=indomiegoreng0002-com.20150623.gappssmtp.com; s=20150623;
h=mime-version:from:date:message-id:subject:to;
bh=1y+knzV+UeTzRjYoZ6CWrX5UI3X6HlSU2otoII40h7Y=;
b=zexPQMlJsqRbxgFosAylE2EAAkSip+V/qc8dIUh0scPc37NsnsJKl5Xb5tNGNA4HRc
hfrphPLdEglmSKHus+OOvDPNUvU+0RE4dxnJArg+z6ovi8q815Ez+lhSBu+vTFY5Z04E
vqsgpbCqkx8IytIalwdxrAjxvL1zjuLu4qE6o+a/GwQLP7zv9jjUYbDCNv06BZZqlCXq
2ufwRHaFzn94dNhc+eLsnAT5z3xFfFyp4Pf/y4rNKsmJPwt5xPm9iPIesPJfCO3iIsqO
exc3oJWskEv5zJ0uNxT7x/nR08Eupn3hUjrEz0yeKXIywoUXjOc3eQkr17QDLIWwCtlw
UbIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=1y+knzV+UeTzRjYoZ6CWrX5UI3X6HlSU2otoII40h7Y=;
b=k/NmtE7U8WDIgy+XiOMb5QzSi3E30dThLD6kjr1IPEuuYGy69dRSHIE0W7T6S0t7ks
ZgqT10MUWI4F8yCSGgCW5AY6YuKYnrLk7A8xb2UkZZ4qrgaY14Ev9SpqqtUPP6XD//b6
IXNrmaLwqKpqULMmpowfGCMcEzj1GpFRryctI/WQ6Z38vNbxRZtYcrU28eodItSRpMhV
2xWmgiiql7Zt2jO6NwZndLXyaPmO6eW94TINjcebZXcSOHPpT+CxWQw2AtvqOCRbjsbf
4CYGDBXNmrJHI4KJgAwfa8pbjXExtyfsL6mH5snPCNqSoAEdJHt3ZzAOE9KzKy9oisIs
1BmQ==
X-Gm-Message-State: AOAM532pm+11xL2OxgM89RBjKrKGqGgKclwzCMLcljkt/4NWM06lz4qn
pbhII6gSM8sBZ4If1S/M3WGlT51IPAJ1f9ifgTa/1A==
X-Google-Smtp-Source: ABdhPJxaGik9LDBcXFi2JmcUnLFnLQTJZqBVqWXt69X4DnVOkulZd8wu21XrOXHEO38xHvIiJ8CbBA7LXV2DgTMrs4A=
X-Received: by 2002:a2e:9e88:: with SMTP id f8mr10800585ljk.193.1593542234313;
Tue, 30 Jun 2020 11:37:14 -0700 (PDT)
MIME-Version: 1.0
From: Amazon Prime <noreply.terimakasihataspemeberiannya8639245@indomiegoreng0002.com>
Date: Tue, 30 Jun 2020 11:36:59 -0700
Message-ID: <CA+EiWncA-aOxcsAC_tH71i6kM2+qdy2Q4p2_hvO++rapEi_7CA@mail.gmail.com>
Subject: =?UTF-8?Q?=E2=9A=A0=EF=B8=8FRe_=3A_Action_required_=2D_Please_verify_or_update?=
=?UTF-8?Q?_your_payment_information_=23117=2D477=2D8397=2D_00=3A35=3A45_=2B0034_=28GMT?=
=?UTF-8?Q?=29?=
To: update5512@service-amazon.com
Content-Type: multipart/mixed; boundary="000000000000cff12105a951767f"
X-Eon-Alias-Sig: AQO7DMVe+4ZhnlOFZwEAAAAB,cdb124186f4fcb6bd22be343c9c411eb
X-BitdefenderWKS-SpamStamp: Build: [Engines: 2.15.12.1318, Stamp: 3],
Multi: [Enabled, t: (0.000006,0.011992)], BW: [Enabled, t:
(0.000017)], RTDA: [Enabled, t: (0.066312), Hit: No, Details:
v2.7.113; Id: 12.1i622bd.1ec51op39.j177], total: 0(775)
X-BitdefenderWKS-Spam: No - 0
