In your example below the domain you see in the log is by reverse lookup of the destination IP. It is not used for URL categorization.
For SSL traffic SNI (R80.30 and higher)/Certificate CN is used for URL categorization (in case HTTPS Categorization is enabled and SSL inspection is disabled).
We have tested this in our labs and traffic to oati.com is categorized as Buisness/Economy.
I suggest you retest it. If still an issue please open a ticket to support.
*The only scenario I can think of where we will not categorize according to SNI/CN is when certificate is invalid (or SNI is not part of certificate SAN).