Obviously it's hard to tell from a distance without any hard data, but at a random guess there might be some large CGNAT in use where many different users are sharing a one or a few outbound IP addresses. Very heavy parallel use of IPs by many users is seen as a possible risk by some assessment systems. And irrespective of the rule of law, I would suggest that Singapore is hardly likely to be devoid of malicious activity although it's incidence may well be lower per capita than other nations. It's perfectly feasible that there's a bunch of customers in SG who have malware on their devices that participates in a botnet, their good connectivity and high bandwidth links makes devices in this city state high value targets. Whilst the hotels might not be the hotbed of malicious activity their IPs are close or in the same netblock as others that are and the risk has been applied to the entire netblock, or even ASN.

We have seen examples on here where entire ISP networks ASNs, like Orange Poland (their main ISP) have been blocked for accessing FT for many weeks. Not even a captcha option, blocked.

What we won't ever get is clarity on why some things get slammed into secondary for captchas, others get blocked, and others are ok. Cloudflare are continually updating their rules literally by the minute based on their very broad intelligence of malicious activity seen across all their customers, and IB are never going to disclose what knobs they have turned to what level in the cloudflare console.

I agree it's frustrating to have captchas foisted on your browsing activity but I do suggest that forums such as those being run by IB are brittle by modern standards and need a degree of paranoia protection.