Users rely on ad and tracker blocking tools to protect their privacy. Unfortunately, existing ad and tracker blocking tools are susceptible to mutable advertising and tracking content. In this paper, we first demonstrate that a state-of-the-art ad and tracker blocker, ADGRAPH, is susceptible to such adversarial evasion techniques that are currently deployed on the web. Second, we introduce WEBGRAPH, the first ML-based ad and tracker blocker that detects ads and trackers based on their action rather than their content. By featurizing the actions that are fundamental to advertising and tracking information flows - e.g., storing an identifier in the browser or sharing an identifier with another tracker - WEB GRAPH performs nearly as well as prior approaches, but is significantly more robust to adversarial evasions. In particular, we show that WEBGRAPH achieves comparable accuracy to ADGRAPH, while significantly decreasing the success rate of an adversary from near-perfect for ADGRAPH to around 8% for WEBGRAPH. Finally, we show that WEB GRAPH remains robust to sophisticated adversaries that use adversarial evasion techniques beyond those currently deployed on the web.