Possible cause:
I am running iThemes Security, and my login page is no longer called wp-admin but something else. The URL listed in the e-mail, however, is https://foo.com/wp-admin/. It’s as though the plugin is directing the token that authorizes the IP to the wrong place, and then flipping out.
The e-mail looks like this. The link in the “following link” token text is correct (not wp-admin but the current login page address), but it IS saying “wp-admin” as the reported ULR at the IP address initially.
User: Shepherd
IP: 198.91.240.37
URL: https://foo.com/wp-admin/
To authorize this IP address, please click the following link: https://foo.com/the_right_login_page?action=registerip&wpls2_ipkey=df37d9b2f61d46efc154e3a06457b110
There are a bunch of other security things going on as well, including renamed table prefixes and a renamed wp-content directory, but the wp-admin thing being listed in the e-mail might be a big clue here.
I am running the Omega theme (in a child theme)