Yes, the r value was reused. One of the compromised addresses is a P2PKH address holding a bit over 2 BTC, which ACCIDENTALLY shared the same R with two other addresses due to a cloned VM. This particular address has a total of 7 spends with a biased k.
I compared all r values above; for example, the comparison between r2 and r5:
Number of fixed (frequent) bits: 140/256
Fixed bits ratio: 0.5469
The 7 r values mentioned come from the same key. Here, r2 and r5 have 140 fixed bits in total.
Is there a way to brute-force the nonce?
It's difficult to help you from the perspective you're presenting (assumptions) because there is no generalized method that covers what you're asking. These attacks are constructed based on the data collected from the signatures, their patterns, their relationships... In other words, you won't find a direct answer to this because it requires specific information to build a system of equations that can solve it. Additionally, since this involves the blockchain, and without intending to discourage you, I believe that the potential vulnerabilities in transactions from 2015 back to its inception have already been exploited (the ones that could be). Therefore, I'm fairly certain that an expert has already examined your series of transactions, as the information is public and easy to find on the blockchain.