Tpc.googlesyndication.com and googleads.g.doubleclick.net getting through

This confirms that Pi-hole is blocking that domain and the client is using Pi-hole for DNS.

Either the browser is using an alternate DNS, or the ads are coming from other domains.