I wanted to turn some of the comments into an answer that can be used for additional verification in case someone else runs into a similar issue where the vendor also reskinned the notifications window.
Android 9.0 was released in March 2018. The Security patch level is May 2017. This doesn't make sense at all. Would you trust it if the vaccination card for a 15 month old toddler says the most recent vaccinations were given 10 months before he was born? Not to mention that I'd really recommend against using a phone which is over 2 years out of date on security patches.
The Kernel Version also doesn't match: Android 9.0 has one of 3 kernel version: 4.4, 4.9 or 4.14. The stated version, 3.18.19, matches that of Android 6.0.
The Build Number also is cause for concern. MRA58K is related to the Android 6.0 ROM, and vendors are not supposed to use test keys for released products.
Overall, these are all causes for concern. This device has been tampered with (either rooted and the build.prop edited, or a full ROM edit), and poorly at that, since if they were competent, chances are they'd have edited the above values as well to be less suspicious. There is no way to know what other changes they made. At best they're trying to mislead you. At worst they're spying on your and stealing your money.
I urge you to get a refund. If that's not possible, I recommend you install a clean version of Android so you have less reason to worry about malicious intrusions. However, that might not be enough, because there might be intrusions in the device, either hardware or software, that can interfere with anything you do with the device. I agree with the others though that it's a security risk to use the device as-is.