There are two possible ways:

1. Top down: You have a pubkey, know what system it was created on and then find weak randomness on said system
2. Bottom up: You know a system with weak randomness. You generete the keypairs for all of the frequent notsorandom numbers. You look on the chain if you find any of these pubkeys being used without any paytopubkeyhash

kilianbuhn

bitcoin

Someone just lost half a bitcoin to fees

Rsync25

> so it was probably a well-known or very low-entropy address.

Is there any logic to determine low-entropy address?  

Or was this just bad luck and this address happen to be already guessed and recorded in a database with private key.