this can not be a copy paste error!
as i said above your comment, the only problem here is in his signature byte length is invalid. and since the signature string is in base64 it could not have happened by accident. since accidental modification of base64 will most probably lead to invalid encoding!

your signature length is invalid, it should have been 65 bytes but what you posted here is only 64 bytes which means it is missing 1 byte.

this should not have happened, i can't see any bugs that could lead to this either. are you sure that you have not modified the signature yourself?

that case is not related to your concern. it is a bad implementation of ECDSA that affected normal wallets and HD wallets alike.

if the wallet you were using had a terrible code then it could happen but you mentioned Electrum. this wallet is a good one and the code is solid. it is using a method for generating the random k value known as RFC-6979, it deterministically creates the digital signature so the RNG problems don't exist here at all.

here is some references you can read:
RFC doc: https://tools.ietf.org/html/rfc6979
electrum source code: https://github.com/spesmilo/electrum/blob/428b63822b359d56d6ececabf406a43589545d24/electrum/ecc.py#L417
the library it calls: https://github.com/warner/python-ecdsa/blob/aea736c610752bf1478febfd15b11c711debcf61/src/ecdsa/keys.py#L1022-L1055
there is also libsec256k1 which electrum uses but i couldn't find the code there. you can look into that too.
https://tools.ietf.org/html/rfc6979

no it doesn't mean that. it means your keys were created pseudo randomly from a random entropy instead of each from a different random entropy. the end result (the keys) are still considered random and unrelated.

to put it simply, if it were possible to find your private key from a signature like what you explained then nobody could ever use an HD wallet because the signature you create for a message is using the same algorithm as the signature you create for a transaction.

a user that has trouble finding the real website of a desktop wallet to download an installer that requires one click to install (through a wizard that only has next!) will also have trouble finding the real website of a web wallet and will lose his private keys in the same fashion.
i think a better advice to these types of user is to stay away from cryptocurrencies until they can learn the basics of security while using a computer and surfing the web!

the URL you tested seems to be the correct (real) URL that leads to the real blockchain.com website as far as i can tell so the only possible case is that this particular detector (CLEAN MX) is giving you a false positive.

ps: you should really start using a desktop wallet. https://bitcointalk.org/index.php?topic=1631151.0

i haven't seen anything recent, they belong to at least a couple of months ago and none of them are anything new. they are repetition of the same FUD that has been around for as old as 2012 where they either fully lie or exaggerate what the Chinese government is doing with their regulations.
not to mention that the news most of the times has nothing to do with the government, it is some statement from some random person the news sites are turning into official news.

and THAT is how scammers steal your secrets!
i don't know about this "widget" and i don't want to waste time on it but you should never install this type of things, specially when they are directly targeting something so sensitive as your exchange account that involves money.
you can find lots of stories about how people simply lost their private keys, login passwords, API keys,... just by being reckless about what they install.

i'm sorry but your expectations about the profit you can make from trading bitcoin has been unrealistic that is why you feel surprised right now that bitcoin isn't constantly going up!
the market is not supposed to be like that. there are times when it stops rising, there are times when it falls and times when it goes sideways. now it is sideways time. learn to move with the market...

as i said, it is a "partial collision" not a "collision". a partial collision is when only a smaller portion of the digests are equal. it is a topic that becomes important if you are using truncated hashes, like using SHA256 to hash but only using first 32 bits. and it seems to me that this is what OP is doing.

i honestly don't see anything strange going on here. you take an input, pass it though a pseudo random function and get a final result. then change that input, pass it through the same function and get a different result. then you repeat this final step a lot of times in a loop until you find a partial collision.
that is not strange, that is expected.
if you do this with any cryptography function you will find the same results; here is an example with MD5 (since it is a fast hash function!):
here the 256 bit data is like the mnemonic you have and MD5 is like the same scrypt and hmac-sha that you have. i get the first data, shuffle the bytes around and hash it again.
the result hashes are also the same as the "addresses" or entropies you find.
you can see that the jumble of the "data" gives similar hashes. it took me a nanosecond to find this collision.

here is a bigger one that tool half a second:

2022?!!! try first quarter of 2020 that would be an interesting question otherwise by 2022 you would look at $19k price the same way you are looking at $220 today. it would be just another tiny price that we shot past years ago that nobody even remembers...

so my answer is yes. and to expand, i believe by first quarter of 2020 (next year) we are going to see the rise happen and previous ATH to either be broken or be so close.

it is like saying "is the steam engine a saving grace for horses and carts?" just like the way engine made horses obsolete, bitcoin (the decentralized money) is what could make banks obsolete. because when people use decentralized money, they no longer need that middle man aka banks anymore and they can do everything themselves in a much cheaper way and free of their corruption!

that is the advice that i have been giving others and also following myself! in fact each time a newbie mentions "portfolio" and "diversification" while saying their portfolio only consists of bitcoin and two dozen altcoins i tell them they have NOT diversified at all. and real diversification is when you have traditional assets and then buy bitcoin alongside them to benefit from the huge profit that bitcoin gives you while still having one leg in the traditional market and enjoy the less risk that they give you.
and of course the main reason is that there isn't any correlation between bitcoin and any of the other markets whatsoever.

there is nothing wrong with it, it has no place here.
you only perform it on "public keys" after you performed SHA256 only when you want to get the "pubkey-hash" that you use inside the scripts.

then you hash the entire script using SHA256 so the complete thing looks like this:
where "Script()" is the other OP codes you add such as 0x00, 0x76, 0x88,...

eg. P2WPKH:

P2PKH:

the big rise probably won't happen in the remaining only one month of this year but will happen in next year. it won't be only because of halving! it will be because it is time and it isn't going to be hard since as soon as price shows the slightest signs of rising and breaks any kind of resistance (specifically $10k) then the FOMO will kick in and we see repetition of all the previous FOMOs such as the one at $4k which ended up with shooting up 100% at first and the final 250% rise to $13k.

this should be:
where 0x00 is OP_0, 0x20 is the size of the data (hash) to push and 1ff... to the end is the 32 byte hash.
and the result of this hash is

there can't be any error messages because the server receives a hash which corresponds to an entirely different address which is not in its database so it simply returns zero balance.

whoever claims to be an insider and then gives you suggestions about the market is a big scammer and you must stay away from these people

people's interest in bitcoin is not because of its shooting price. it is because of the strength and security that it has.
as for the rise, we will see another shoot up before the halving and it will most probably be big since there are a lot of new people with fresh money who are expecting the same exact thing as last 2 times to happen and will act on it which means a big price rise!

stablecoins will only gain popularity during the widespread shitcoin pumps where day traders need something they can dump their shitcoins to. and if bitcoin goes sideways and has such gigantic drop to $5k then shitcoins will have an extremely hard time getting any pumps.

my luck is in bitcoin staying below $10k or even less not in its price going up because the longer it stays here the more bitcoin i can accumulate with my paycheck which i use a portion of to buy bitcoin.
the only ones that would be shit out of luck are those who are bag holding altcoins thinking if bitcoin price doesn't rise then altcoins should

it is a bad idea in my opinion because it centralizes things to "your website/service" alone whereas right now things are more decentralized than that and it is a good thing.
if you look around, there are multiple different individuals that handle escrow, campaign management, list of scammers and other banned users,... and all things are happening in a more transparent way. that eliminates a lot of abuse and possible problems.

centralizing it to one place means that if some day that one place had some problems (eg. the owner had an accident or maybe pulled a scammed and ran away) it will damage every single person that is participating in a campaign or the businesses that run it.

it was more about the process being public between two person though. otherwise as a developer, you yourself always test your own system that you designed and created to see if it works fine before releasing it. but those tests are not something you release to public like this with another "person".