Giving the command below shows my /etc/hosts all similarly formatted. Trying Safari to go to facebook.com indeed gives the URL: safari-resource:/ErrorPage.html
but for some or many of the other entries it doesn't work. It also doesn't work for Tor browser for that matter but I guess that's a different question. I've tried blocking these domains using parental control in my router but that also doesn't work.
dscacheutil -q host -a name facebook.com gives
name: facebook.com
ipv6_address: fe80:1::1
name: facebook.com
ip_address: 127.0.0.1
I think that the non-facebook entries are rerouted by Safari, given this question for reddit. So that if it doesn't find doubleclick.net, it will ask a DNS server for an alternative.
$ cat -vet /etc/hosts
##$
# Host Database$
#$
# localhost is used to configure the loopback interface$
# when the system is booting. Do not change this entry.$
##$
127.0.0.1^Ilocalhost$
255.255.255.255^Ibroadcasthost$
::1^Ilocalhost$
127.0.0.1^Ifacebook.com$
fe80::1%lo0^Ifacebook.com$
127.0.0.1^Ifonts.googleapis.com$
127.0.0.1^Ifonts.gstatic.com$
127.0.0.1^Iwww.facebook.com$
127.0.0.1^Iadservice.google.com$
127.0.0.1^Iadservice.google.nl$
127.0.0.1^Iwww.adservice.google.nl$
127.0.0.1^Idoubleclick.net$
127.0.0.1^Igoogle-analytics.com$
127.0.0.1^Iwww.googletagservices.com$
127.0.0.1^Ifonts.googleapis.com$
127.0.0.1^Igoogleads.g.doubleclick.net$
fe80::1%lo0^Ifonts.googleapis.com$
fe80::1%lo0^Iadnx.com$
fe80::1%lo0^Igooglesyndication.com$
fe80::1%lo0^I360yield.com$
fe80::1%lo0^Ifonts.gstatic.com$
fe80::1%lo0^Iwww.facebook.com$
fe80::1%lo0^Iadservice.google.com$
fe80::1%lo0^Iadservice.google.nl$
fe80::1%lo0^Iwww.adservice.google.nl$
fe80::1%lo0^Idoubleclick.net$
fe80::1%lo0^Igoogle-analytics.com$
fe80::1%lo0^Iwww.googletagservices.com$
fe80::1%lo0^Ifonts.googleapis.com$
fe80::1%lo0^Igoogleads.g.doubleclick.net$
fe80::1%lo0^Ifonts.googleapis.com$
127.0.0.1^Iadnx.com$
127.0.0.1^Igooglesyndication.com$
127.0.0.1^I360yield.com$
Best Answer
Have you ruled out JavaScript in the web browser that tries several resolutions? I’m thinking making hosts entries won’t cut the mustard and most people will need something more strong like a custom DNS server to help escalate this game of whack-a-mole
Pi Hole is my current favorite DNS sinkhole these days and simplifies our efforts above greatly if you don’t mind setting up a robot army to shield your network.