i found this list online:
captive.apple.com
ibook.info
appleiphonecell.com
airport.us
thinkdifferent.us
itools.info
such a shame apple doesnt just publish it, why doing this and not informing your users. also equally silly you cant just disable CNA.
apperently they also use a certain user agent string to identify these requests. i hope aruba doesn't just allow request from that user agent to go through because then there is a nice way through your captive portal.
also: why post this in the education forum, it is something that affects everyone in my opinion.