Of late, the demo server has been unstable with times when it even fails to start OpenMRS.
I have noticed that it at times has modules which are not part of the reference application (most likely cause of the instability) as you can see examples like radiology here: https://demo.openmrs.org/openmrs/admin/modules/module.list
Since its web interface is configured not to allow installation of modules, could it be that some one is using other means to upload modules to it? Like via REST?
That’s the same security hole that exists if uploading modules via the UI were enabled…all someone would have to do is know that this is enabled and BAM, they uploaded a module…