Your Apple ID was used to sign in to iCloud via a web browser but I have dual authorization

They are automatically sent in the case of suspicious activity. But, you said you "received an email that my Apple ID was [actually] ]signed in to iCloud via web browser at 11 pm. Is this what you meant to say? Anyway, I am not sure what happened, but here are some reads for you to consider.

Avoid phishing emails, fake 'virus' alerts, phony support calls, and other scams: https://support.apple.com/en-us/HT204759

If you think your Apple ID has been compromised: https://support.apple.com/en-us/HT204145

The first one, besides providing scam related info, indicates how you can report incidents to Apple.

2-18-2020 Wed 7;17am

From Garden-Guy to China_ ;

Hi Chica_

I came to this site looking for an answer to my own question, and you were sent to me for an answer to your problem.

My best reply to your question about Duel Authorization is Apple tries to spot illegal use of your machine when you use it for the first time in a new place or when you use a new piece of equipment with your regular settings. Since I have an apple ID and Password word that have no connections to anything else I do on the web I just usr that Apple ID to log in. If you look at the address bar and you do not see <https://.apple.com> at the beginning of the address get suspicious. To be real safe go to this site and ask your question there,

Good Luck