Nobody can give you certainty here, as there are a lot of possibilities.
This all depends on what happened here...
Fake failure notifications and fake purchase notifications are common, and clicking on a link provided in the notifications can take the user to a fake "Apple login portal", where you can hand your Apple ID credentials to the scammer.
What Apple writes about this: Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support
Depending on exactly what you were doing, the notification might have been triggered by you, based on something you just did.
Confusingly, IP geolocations are best considered "correct" if they're within the same country.
Here's a recent discussion of geolocation and of browser user agent strings:
https://discussions.apple.com/thread/253154661?answerId=255908905022#255908905022
What to do? You'll want to have two-factor authentication enabled as well. Two-factor is a last-chance additional-factor means to block a login from somebody that has your Apple ID and password.
On your iPhone, have a look at the Apple-generated security report, and see if there are other issues with your passwords. Settings > Passwords > Security Recommendations
Make sure you have backups of your iPhone, and of all data you value.