The Hotspot uses the dstnat chain as well - you can see the rules if you issue "/ip firewall nat print all", or in the manual: http://wiki.mikrotik.com/wiki/Manual:Customizing_Hotspot
You can't redirect users just like that because the Hotspot grabs the traffic first. You will have to use on the hook chains to redirect before that happens. RouterOS provides a 'pre-hotspot' custom chain that the Hotspot will execute before doing its own work. Shift your rule into that chain instead.
That said, you're redirecting all TCP traffic to a webserver. That's probably not the best of ideas. You should redirect HTTP only, and the firewal can identify that for you. An adjusted rule is below. Also, your web server has to be set up to pretend to be any web server in the world since clients will think they're talking to the real thing. That can be problematic. You may want to use the approach from http://wiki.mikrotik.com/wiki/Payment_Reminders
instead, which uses the proxy to overcome that problem. Whether that's necessary depends on your web server.
Here the corrected rule:
/ip firewall nat
add chain=pre-hotspot hotspot=http src-address-list=Blacklisted action=dst-nat to-addresses=192.168.100.4
With the proxy approach it would look like this:
/ip proxy access
add action=allow disabled=no dst-address=192.168.100.4
add action=deny disabled=no redirect-to="http://192.168.100.4/whatever.html"
/ip firewall nat
add chain=pre-hotspot hotspot=http src-address-list=Blacklisted action=redirect to-ports=8081
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.