Can attackers substitute/place my queries to/from provider?

Can attackers substitute/replace my queries to/from provider? I mean I do HTTP query and its modified on provider-side so query goes modified to a server or reversal situation, when I get modified answer from server by the modifying response on provider-side?