If you have malware on the hotel computers presumably you could make the malware make the request.
You can't get too aggressive with your geo/browser checks because there are probably a lot of legitimate logins where the owner is doing some work from home or from a different location.
I mean if the malware has total control of the computer, there is nothing you can do. But if it’s just stealing cookies, then there’s already a lot of existing technologies to prevent that.