Given that their "Command & Control" server already knows the user's IP anyway, this might be a disguise, with the actual intention being to check if Google is working from that IP, as these shady VPNs are often used to abuse the client as a proxy for SERP requests, to bypass IP-based search engine query limits (for SEO etc.).