This sounds like your URL is marked as malware, as you originally reported. I’ve confirmed this by attempting to Tweet a link from my test account, and getting error code 226 back from the API. You will need to wait for the team to review your URL (assuming you already reported it via the spam form). This is not a developer platform issue.
Do you have an app that is sending Tweets via the API? If you want to share content from a website you can simply use a Tweet button, and do not need to register an app. However since the URL is marked as suspicious, the Tweet button will not help until this is cleared.
The Test OAuth button resulting in that error is due to our recent redesign of the developer site and removal of the tool; this is not relevant.