I don’t think the promt has to do with ZS. Usually the “\ipaddress” is used for Samba shares. Do you have such a thing on the ZS?
The server can be hacked in many ways, that overcome the existance of a firewall. Since you allowed the http on the firewall then they might have attacked you with a malicious http packet, which could only be caught with an IDS.