Find transactions known as address poisoning attack according to the following criteria:

Edmund, thank you for that scheme.

1. Key condition – For a transfer from address A to address B, the poisoning transaction must come from address C to address A. C and B must be different, but share the same first four characters.
   • Be careful not to mix token_account_address with owner_address, since the owner address shown in the UI can be mimicked in a poisoning attack.
2. Optimization condition – The original transaction must be at least $1,000.
3. Optimization condition – The poisoning transaction must be under $0.10.
4. Optimization condition – The poisoning transaction must occur within 10 minutes of the original transfer.
5. Optimization condition – Limit selection to original transactions in the following time window:

block_time >= TRY_CAST('2025-05-01 12:00:00' AS TIMESTAMP)
AND block_time < TRY_CAST('2025-05-01 12:30:00' AS TIMESTAMP)

Your table output format should have the following columns:

owner_to_original
owner_from_poisoning
tx_signature_original
tx_signature_poisoning
block_time_original
block_time_poisoning
amount_usd_original
amount_usd_poisoning

Solana data:

Relevant data is in tokens_solana.transfers

Correctness criteria:

The score would depend on how many transaction pairs (tx_signature_original, tx_signature_poisoning) you detected correctly.