I'm not the author but my guess is that the API returns whether the number is registered with iMessage or not- like if you type in a number in a new text message it shows whether the message you're sending will be an iMessage or a text message. Don't think the author was spamming random numbers.
That’s after screening to see if the number was linked to iMessage —- ie a valid iPhone attached to the number. That’s what that lookup service did. Then they scripted messaging the numbers that worked.
